A wide-ranging series of cyberattacks by Chinese hackers has been uncovered by cybersecurity firm Accenture Security’s iDefense.
The hackers’ target, according to The Wall Street Journal? At least 27 universities located across the United States, Canada, and Southeast Asia.
The connection among most of the affected institutions is reportedly their involvement in research of military-use maritime technology. Some of the schools have been the recipients of Navy contracts, host research hubs, or employ faculty with maritime expertise.
In 2018, The Wall Street Journal reported that the same Chinese hacker group, sometimes known as Temp.Periscope, has been a persistent threat with a history of breaching Navy contractors.
Temp.Periscope has been blamed for cyberattacks that have resulted in the compromise of sensitive material related to military technology, including plans to construct a new supersonic anti-ship missile to be deployed by American submarines.
The recent cyberattacks reportedly sought to exploit the relationship between academic institutions and the information-sharing that takes place among them.
Spear-phishing emails containing malware, a common method for cyber-intrusion and information collection, were sent to the targets. The emails were disguised as legitimate correspondence from another affected university.
These types of efforts are anything but novel at this point, and the danger they pose to American national security remains high.
A 2018 indictment by the Justice Department revealed the extent of intrusions by another group of Chinese hackers, whose attacks gained unauthorized access to more than 45 technology companies and U.S. government agencies, stealing hundreds of gigabytes of sensitive information.
This rampant theft of intellectual property is not without its economic costs. Previous estimates suggest that intellectual property theft, including by China, costs the United States billions every year in potential revenue lost, placing strains on U.S. companies and hampering innovation and growth.
The theft of new technologies goes beyond the oft-reported economic concerns and presents a potentially larger national security issue.
The fact that many victims of these cyberattacks are upstream defense resources, such as contractors and universities, is concerning. It’s a reminder that China’s efforts to secure new technology are unbiased.
Because they are unlikely to have the same level of security infrastructure as that employed by some government installations, universities present a unique opportunity for malicious actors to gain access to new technical or industrial knowledge.
As such, universities can be low-hanging fruit for Chinese hackers.
Spending billions of dollars to develop and field new defense technologies, only to have their effectiveness compromised by a data breach, can be costly for developers and for taxpayers.
More importantly, it can endanger U.S. service members who rely on that technological advantage to accomplish their missions safely.
The United States must continue to take the dangers posed by cyberattacks and intellectual property theft seriously.
Encouraging U.S. companies and institutions to identify and secure vulnerabilities in their computer networks is an important step, but the U.S. must also develop and employ more direct deterrents against those actors that engage in cybertheft toward U.S. entities.
Strengthening U.S. defenses against cyberattacks can be a difficult task. Coordinating these efforts across a network of various institutions doesn’t make it any easier.
It remains clear, however, that China’s continuing theft of intellectual property creates economic and security risks that the U.S. cannot afford to leave unmitigated.