Chinese Regime-Linked Hackers “APT 20” Resume Global Attack

By Penny Zhou

A hacking group linked with the Chinese regime has resumed its global attacks, stealing data from companies and government agencies, according to Dutch cyber-security firm Fox-IT.

The researchers believe the hacking is being performed by a group called APT20, also known as Violin Panda, a group that is “likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes.”

The report said that over the last two years the group has been targeting government entities and companies across a wide variety of industries, including aviation, finance, health care, energy, insurance, gambling, and construction. The report identified victims from 10 countries, including the United States.

The Chinese hacker group was active from 2009 to 2014, targeting military and telecom companies, but went undetected for a while, according to Bloomberg.

Cybersecurity expert Casey Fleming said he is not surprised by the report of their resurgence. He said the Chinese regime is known for hiring hackers. It’s part of their ongoing hostile strategy, known as “asymmetric hybrid warfare”, to compromise competitor and enemy states without shedding blood.

“The Chinese Communist Party for years, for decades, and it’s peaking now…stealing innovation, intellectual property, sensitive data, trade secrets… just basically everything that you run your company on,” said Fleming, CEO of BLACKOPS Partners. “They’re stealing that and they have done a perfect job in doing so.”

“They’re achieving military gains through non-military methods,” Fleming told NTD.

In 2014, five Chinese military officers were indicted for stealing business secrets and intellectual property (IP) from U.S. firms.

Last year, the Department charged two other Chinese hackers linked with the regime with stealing secrets from the U.S. Navy.

The Commission on the Theft of Intellectual Property estimates the annual cost of IP theft to the U.S. economy to be in the range of $225 billion to $600 billion. It states that “IP theft by thousands of Chinese actors continues to be rampant,” and China “remains the world’s principal IP infringer.”

“It’s a form of war that every company is in, whether they want to be in or not,” Fleming said.

Fleming said the Chinese military hacker resurgence can be linked with the Trump administration’s tough stance on China and the trade wars.

Researchers from Fox-IT say there are several indicators revealing the hackers’ nationality. They sometimes type in simplified Chinese characters, are active within a time frame that matches China’s time zone, and, when they realized they were getting caught and thrown out of the system, they even cursed in Chinese.