According to Blackberry research, five Chinese hacker groups have attacked Linux, Windows and Android for ten years. The groups worked in the interest of the Chinese government and were able to steal sensitive data unnoticed for ten years.

In Blackberry's report, security researchers evaluate five related Chinese advanced persistent threat (APT) groups. According to Blackberry, the groups (Winnti Group, Passcv, Bronze Union, Casper Lead and Winxsplinter) are on the Chinese payroll. Although they operate independently of each other, they show a high degree of coordination. They were discovered because the methods, procedures and tools they used have been virtually the same over the past ten years.

The groups have systematically focused on Linux servers, Windows systems and Android devices. The compromise of Linux systems is of particular concern as almost all major websites run on Linux. Also, 75 percent of all web servers, 98 percent of supercomputers and 75 percent of the major cloud providers use the operating system.

“Linux is not normally user-facing, and most security companies focus their technical and marketing attention on products designed for the front office rather than the server rack. So coverage for Linux is scarce,” says Eric Cornelius, Chief Product Architect at Blackberry. “These APT groups have focused on this security gap and used it for their strategic advantage to steal intellectual property from specific industries for years without anyone noticing it.”

Working from home

The report states that the cross-platform nature of the attacks is of particular concern because people are forced to work remotely to prevent the spread of the coronavirus. The tools discovered by Blackberry researchers are designed to take advantage of people working from home. Reducing the number of cyber security personnel only increases the risk of a new potential cyber attack.