Chinese Supply-Chain Attack Suspected
0
0
Table of Contents
In an effort to steal information and disrupt the global supply chain, the Chinese government has been accused of hacking the U.S. military and intelligence agencies’ systems. The Chinese Supply-Chain attack is thought to have started in manufacturing facilities in China and Taiwan, where a vulnerability was installed before it was shipped to the U.S. It is unknown exactly how many servers were affected, or which systems were targeted. Read on to learn more about this suspected Chinese supply-chain attack and how it could affect the supply chain.
Sources
A recent report suspected the involvement of the Chinese government in a hardware supply chain attack. While it is still unclear how far the attack has spread, its scope seems enormous, and it is not just a matter of hacking and stealing intellectual property. This attack may also compromise U.S. industry and the DoD, as Chinese spies may have installed a hardware backdoor on servers used by these organizations.
The NSA documents contain general information about U.S. and Chinese capabilities. The NSA, for example, describes a highly classified supply chain attack. NSA intercepted equipment orders from Chinese manufacturers and compromised them with implant beacons. While this is a potentially devastating scenario for U.S. companies, the attack may have wider implications, since it could cause the internal infrastructures of our vendors to be compromised.
Targets
As of mid-2018, the Chinese government has identified several cyber espionage groups responsible for the latest technology supply chain attack, including APT10, APT17, and APT41. These groups are known for their targeting of Western organizations, including political entities and NGOs with a close connection to Chinese minority groups. While the specific goals of these groups are not known, there is an overlap between their objectives and those of Chinese government cyberespionage groups.
China’s massive manufacturing market makes it easy to target foreign technology companies for competitive reasons. Russian state-sponsored actors have historically targeted defense and energy companies, but these industries are more relevant to their economy and geopolitical strategy. While China has a large manufacturing market, it is not the only country that is vulnerable to supply chain attacks. In some cases, an attack can spread through a country’s entire supply chain, including its vendors.
Methods
The U.S. intelligence community had concerns about China’s capabilities to use the supply chain for espionage. While the report contains many questions, several people have confirmed parts of it. This attack highlights how dangerous the supply chain can be. For instance, adversaries can modify motherboards before they leave a manufacturer. And if they can do it successfully, the payoff can be enormous. These methods are likely to increase in frequency and sophistication as technology improves and more sophisticated attackers gain access to it.
While the U.S. government takes the threat of Chinese supply chain attacks very seriously, it is not yet clear how these attacks can occur. Nevertheless, some researchers believe that China’s hackers can infiltrate the supply chain of hardware manufacturers in the U.S. and exploit their vulnerabilities to compromise critical infrastructure. The government has launched a full-scale investigation to learn more about this new threat. If you’ve been thinking about purchasing computer hardware from a Chinese company, you’ve probably been worried about this threat. After all, you never know when a foreign country may want to steal your data.
Impact
A Chinese supply chain attack has been a concern of the U.S. intelligence community for some time. It’s a very effective way for Beijing to spy on businesses, as many of these companies source parts from China. Because many of these components are assembled in China, it’s easy for China to infiltrate the supply chain and gain access to data. But what is the impact of such an attack?
The Chinese spies implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. These Chinese spies allegedly gained access to the servers of more than 30 American companies.
Also Read: Advantages of a Fixed Ground Power Supply System
