State-sponsored hackers from China have developed techniques that evade common cybersecurity tools and enable them to burrow into government and business networks and spy on victims for years without detection, researchers with Alphabet Inc.’s Google found.
Over the past year, analysts at Google’s Mandiant division have discovered hacks of systems that aren’t typically the targets of cyber espionage. Instead of infiltrating systems behind the corporate firewall, they are compromising devices on the edge of the network—sometimes firewalls themselves—and targeting software built by companies such as VMware Inc. or Citrix Systems Inc. These products run on computers that don’t typically include antivirus or endpoint detection software.
The attacks routinely exploit previously undiscovered flaws and represent a new level of ingenuity and sophistication from China, said Charles Carmakal, Mandiant’s chief technology officer. Researchers have linked the activity to a suspected China-nexus hacking group for several reasons: the profile of the victims, some of whom have been hit repeatedly; the high degree of novel tradecraft and sophistication observed, and the level of resources required; and the identification of obscure malware code known to have been used only by China-based threat actors in the past.
China has routinely denied hacking into businesses or governments in other countries and accused the U.S. and its allies of the practice. The Chinese Embassy in Washington didn’t immediately respond to a request for comment.