Is China the new Russia? - McAfee · Date, specific business group MCAFEE CONFIDENTIALITY LANGUAGE...

McAfee Confidentiality Language

Is China the new Russia?

Analyzing the Similarities and Differences of Chinese Threat Actors from their Russian

Counterparts

Dave Marcus, Principal Engineer and Consigliere

Advanced Programs Group, OCTO

2Date, specific business group MCAFEE CONFIDENTIALITY LANGUAGE

02

Key Similarities and Differences between the

Chinese and Russian Cybercrime Underground

History

The Current State of the Chinese

Cybercriminal Underground

Growth of Chinese Cybercrime with Global Operations

Conclusion

Why It is Increasingly Difficult to Isolate Cybercrime

from Cyber Espionage Activity

Agenda

03

04

05

06

01


China Russia

1994

2006

2011

One of the first!! $10 million

attack against Citibank

Chinese Academy of Sciences

built the first cable connection

to the World Wide Web

First cybercrime arrestsRussian cybercriminal

underground was worth

between $2.5 and $3.7 billion,

accounting for 35% of the

global cybercrime revenue

(total $8 to 10 billion in 2011)2018

The Chinese cybercriminal

underground was worth $15

billion, roughly 1% of the

global cybercrime revenue

(total $1.5 trillion in 2018)

Source: Infosec Island

Sources: Xinhua News and Dark Reading


The Chinese Cybercrime Underground

Estimated number of cybercriminals making up China’s

thriving cybercrime underground400,000

30% The growth rate of China’s cybercrime annually

$15 billionThe worth of China’s cybercrime in 2018, nearly twice the

size of its information security industry

THE MARKET

Estimated monthly earning of a skilled organized phishing

scam group$43,590

Sources: Xinhua News, sec-un.org


Similarities Between the Chinese and Russian

Cybercrime Underground


Tactics, Techniques and

Procedures


Baidu Tieba QQ groups Sina Weibo


Screenshots of Chinese underground

hacker groups

Guarantee DDoS service group

Data exfiltration group

Magic sword phishing group


Screenshot of online engagement with Chinese

cybercriminals via QQ instant messenger



Attack-as-a-Service


The screenshot of pen-testing software offered by an underground hacker


The screenshot of an online advertisement titled “the most up-to-date and dangerous cyber-

attack software in 2013”


Geographical Operations


The Philippines

Malaysia

Cambodia

Indonesia

China


Phishers Marketers Blackmailers Infiltrators

Malware writersQQ hacking group masters

Malware wholesalers

Money laundersAntivirus detection evasion experts

Prawns 大虾 or Car masters 车主

拉单人 (Ladanren ) 免杀人员 (Miansharenyuan)

Middleman

(aka pack mull 包马人)


China Russia

Motivation Financial Financial

Communication and

advertising tactics

One on on engagement but

slowly changing

Centralized/standard service

process

Geographical operation Global but mainly focus on Asia Global

High demand productsHacking tutorial or training

services, DDoS botnet

DDoS tools

Remote access trojan

Pen-testing services

Preferred payment method Alipay, bank trasfer and bitcoin Bitcoin and Monero

Recruiting strategy Master-apprentice mechanism Social media


QQ hacking group

Phishers Marketers Blackmailers Infiltrators

Malware writersQQ hacking group masters

Malware wholesalers

Money launders Antivirus evasion experts

Master

Apprentices


Products and Services Offering in the Chinese

Cybercrime Underground


United States

Canada

South Korea

• Scans of counterfeit US driver’s licenses

• Physical counterfeit US driver’s licenses

• Hacked US cell phone numbers

• Counterfeit US social security cards

• US citizens PII

• Hacked email accounts (gmail, hotmail,

yahoo)

• Stolen US social media accounts

Taiwan

• Scans of counterfeit Canadian driver’s

licenses

• Physical counterfeit of Canadian

driver’s licenses

• Counterfeit Taiwan

identification cards

• Hacked email accounts

• Scans of South Korean

passports

• Social security cards

• Stolen email accounts

China

• Physical counterfeit

Chinese identification

cards

• Social security number

• Baidu internal employee

directory

• Huawei internal employee

directory

• Tencent internal employee

directory

• Alibaba company data

• Verified Chinese bank

accounts with large

balances

• Chinese airline customer

data Singapore

• Singapore citizens PII

Regional Specializations Within Chinese Cybercrime

Japan

• Hacked email accounts


Training and Educational Services


1 million stolen US email accounts for sale

Counterfeit US and Canadian driver’s license

for sale

15 million hacked Experian accounts for sale

PII and Credential Sales by Region and Sector


Large scale, global breaches have made data a buyer’s market


It will be increasingly difficult to separate

cybercrime from cyber espionage activity.

v.s.


Huawei internal employee directory

China’s billionaire club: names, telephone numbers, cars,

philanthropy, personal assets, and residences

Internal documents detailing high-level CCP officials’

personal information


Conclusion

McAfee, the McAfee logo and [insert <other relevant McAfee Names>] are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries.

Other names and brands may be claimed as the property of others.

Copyright © 2017 McAfee LLC.

Date post:	28-May-2020
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times

Is China the new Russia? - McAfee · Date, specific business group MCAFEE CONFIDENTIALITY LANGUAGE...

Documents