Russian and Chinese cyber spies are using similar — and surprisingly simple — methods to hack their top U.S. targets.
According to new research from security firm Invincea, Chinese hackers breached health insurer Anthem using the same tactics that Russian hackers used to infiltrate the White House. Both lured an employee into clicking on a link to a video or software update that then installed a hidden gateway into the computer system for digital intruders.
“Such spear-phishing success demonstrates that common attack techniques work against even highly trained users in sophisticated organizations,” said the Invincea report. “These attacks were conventional in approach even if sent by advanced threat actors — a common pattern in targeted attacks.”
The details dovetail right down to the type of software that served as the gateway.
“Not only were the attack vectors nearly identical, but the malware used were also similar,” the report said.
One slightly embarrassing difference, however, does stand out.
At Anthem, Invincea said, an employee was tricked by a link that purported to update software the company had purchased from Citrix.
But at the White House, “personnel were fooled by an ‘Office Monkeys’ video that was likely shared among staff, making it socially viral as well as infectiously viral,” Invincea said.
Both attacks were pivotal moments that dramatically illustrated the growing cyber threat against the U.S.
In the case of Anthem, the digital thieves made off with 80 million people’s information, including Social Security numbers, stirring public fear that more than just people’s credit card data was vulnerable to hackers.
Anthem was the first breach discovered in what experts now believe is a spate of Chinese cyberattacks targeting health insurers, airlines and, most notably, the Office of Personnel Management (OPM), a breach that is thought to be the largest in government history. With this hoard of data, it’s believed China is building a comprehensive espionage database on U.S. government workers.
In the White House incident, the intruders apparently got access to President Obama’s personal, nonpublic schedule, showing just how deeply Moscow can penetrate the government. The intrusion is thought to be tied to other successful Russian hacks at the State Department and Pentagon, all part of Moscow’s widespread digital assault on the U.S. government.