Did China orchestrate the massive hack of Anthem, the nation’s No. 2 healthcare insurer, to steal intellectual property it needs to jump start a domestic healthcare system?
That’s one scenario being discussed by the security community and would fit the pattern of not just China, but other nations, stepping up cyber attacks to pursue geo-political goals.
CrowdStrike's 2014 Global Threat Report
details how China remains by far the most active nation conducting cyber espionage campaigns. Hot on China’s heels, in terms of executing concerted hacks for nationalistic gain, are Russia, Iran and North Korea, the nation President Obama blamed for the Sony Pictures hack.
“China is a giant vacuum cleaner for intelligence,” Adam Meyers, CrowdStrike’s vice president of intelligence, tells ThirdCertainty. “They’re targeting dozens and dozens of organizations, going after intellectual property and trade secrets.”
3C’s newsletter: Free subscription to fresh analysis of emerging exposures
One particularly active Chinese hacking collective, dubbed Hurricane Panda, specializes in cracking the networks of Internet services, engineering and aerospace firms. Hurricane Panda uses "an arsenal of exploits" and has pioneered ways to slip into a network, then stealthily escalate privileges to roam deeper.
While some of the data stolen by nation state-backed hackers most likely gets sold for profit, these attackers exist primarily to pursue strategic goals -- in China’s case to accelerate the development of domestic infrastructure to serve its massive population, which is rapidly becoming more Westernized.
CrowdStrike’s threat report follows news pointing to Chinese hackers, referred to as Deep Panda,
as the culprits behind stealing healthcare personal information for 80 million Anthem plan members and employees.
CrowdStrike is not directly involved in the Anthem investigation. That said, Myers tells ThirdCertainty that his firm has monitored Deep Panda targeting other healthcare organizations in the past.
China is dealing with a rising middle class for the first time in its history, he says. Smoking, drinking and poor eating habits are on the rise, with associated medical conditions sure to follow that are all too familiar in the West.
“They are dealing with diabetes, heart conditions and cancers at a large scale for the first time,” Meyers said. Rather than import healthcare services, China prefers to rapidly build a homegrown system and appears to be willing to steal intellectual property to do so.
“They want to be able serve their own domestic market for heart splints, diagnostic equipment and the like,” Meyers says. Hacking healthcare organizations could give China “the ability to leapfrog the design, test and build phases.”
New attack model
While China may run the most focused cyber spying operation, smaller nations, like Iran and North Korea, are discovering how cyber attacks can tilt the balance in geo-political disputes against a much more powerful adversary, namely the U.S.
In response to economic sanctions imposed by the U.S. to stem Iran’s development of nuclear capability, Iran-backed hacking groups heavily targeted the financial sector in 2013, and in 2014 turned their focus to U.S. aerospace, defense and energy targets, CrowdStrike reports.
And North Korea appears to have derived a model that could stir smaller nations to develop cyber attack strategies to gain political leverage on the global stage. The Sony Pictures hack embarrassed a Fortune 100 company and compelled President Obama to chastise North Korea.
Cyber attacks have become a kind of twisted diplomacy. “It’s a viable way to coerce an adversary into doing something,” Meyers says. “I think we’re going to see this practice continue.”