American Security Council Foundation

Spy Campaign Targeting US Defense Sector Possibly Linked to China: Report

Tuesday, November 9, 2021

Categories: ASCF News Cyber Security

Source: https://www.theepochtimes.com/spy-campaign-targeting-us-defense-sector-possibly-linked-to-china-report_4092211.html

Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)

A cyberespionage campaign that breached nine global agencies, including one in the United States, could have been perpetrated by a group with ties to the Chinese regime.

The campaign resulted in the theft of sensitive documents from an unnamed government agency between September and October, according to a report by Unit 42, a threat intelligence team specializing in cyber risk and incident response at Palo Alto Networks, in partnership with the National Security Agency Cybersecurity Collaboration Center.

“As early as Sept. 17, the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet,” the report reads. “Subsequently, exploitation attempts began on Sept. 22 and likely continued into early October.

“During that window, the actor successfully compromised at least nine global entities across the technology, defense, healthcare, energy, and education industries.”

The report states that the identity of the actor(s) behind the campaign couldn’t be verified, but notes that their tactics and tools most closely resembled those of a cyberespionage group with ties to the Chinese regime known as Emissary Panda.

Emissary Panda is known by many names, including APT 27, Bronze Union, Iron Tiger, Lucky Mouse, and TG-3390. It’s one of numerous groups to have splintered out of the state-sponsored Winnti Group, and it’s responsible for cyberattacks in the Americas, Asia, Europe, and the Middle East, according to a report by Canadian media outlet CBC. The group specializes in using cyberespionage to collect data from government targets and frequently targets the energy, defense, and aviation sectors.

The hacking group has been implicated in numerous cyberattacks since at least 2009 and has exploited Microsoft Exchange vulnerabilities as recently as early November, when it leveraged ransomware against targets primarily located in the United States.

The report states that the campaign scanned more than 370 U.S.-based servers, including servers at the Department of Defense, while looking for vulnerabilities. It then exploited newly discovered vulnerabilities in a password management and single sign-on solution, ManageEngine ADSelfService Plus.

Once the vulnerabilities were exploited, malicious actors were able to move laterally into related systems, install a credential-stealing tool, and gather and exfiltrate sensitive files.

“Unit 42 believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization,” the report reads.

News of the attack closely follows a warning by the National Counterintelligence and Security Center that China’s communist regime is engaged in a comprehensive campaign to acquire critical and emerging technologies from the United States through legal, quasi-legal, and illegal means. U.S. technologies are critical to the development of many of China’s own weapons programs, and state-sponsored groups in China and those linked to the Chinese military have been accused of stealing data globally.

Similarly, the former chief software officer of the U.S. Air Force and Space Force recently said that Chinese agents pose a significant “insider threat” to U.S. tech companies.

Such threats to the nation don’t necessarily require feet on the ground, as was recently demonstrated by a report that an ongoing pro-China influence operation previously attempted to physically mobilize protestors in the United States by leveraging fake social media accounts across 70 websites, including Facebook, Twitter, and YouTube.

The agencies breached in the campaign haven’t yet been publicly identified.
