
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
2021-07-21 17:31

The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a "naming-and-shaming" approach - but researchers aren't convinced the efforts will come to much in terms of deterring future activity.

The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the National Security Administration released multiple advisories providing details about cybersecurity threats from the Chinese government, and announced the indictments of four Chinese nationals alleged to have been operating on behalf of the Chinese Hainan State Security Department.

The indictments allege that the four, operating on behalf of the Chinese Hainan State Security Department, were behind the advanced persistent threat group APT40: Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, as well as Wu Shurong, who allegedly wrote and targeted malware against universities, governments and companies across the globe between 2011 and 2018.

Hitesh Sheth, president and CEO at Vectra, compared the APT40 indictments to last October's charges against Russian nationals accused of being tied to the Sandworm APT. Because Russia doesn't have any extradition agreements with the U.S., the indictments remain what Sheth called "symbolic."

"For a reminder of how effective such indictments are, hark back to last fall's grand jury indictments of Russian GRU officers on cybercrime charges. If they slowed Russian malware campaigns, it's hard to tell."

Dirk Schrader from New Net Technologies said he fears that government gestures like these indictments could have the opposite of the intended effect and end up being detrimental to the country's security posture.


News URL

https://threatpost.com/indictments-attribution-chinese-hacking/168005/