DB - Digital Battlespace

Chinese cyber-attack targets maritime suppliers

29th March 2019 - 13:00 GMT | by Angus Batey in London



The security of computer networks and digital systems represents a growing area of concern for both civilian and state-owned entities active in the maritime domain, but attention has tended to focus on attacks in which maritime systems were not necessarily intended targets. 

For example, the WannaCry ransomware outbreak of 2017 caused extensive disruption and significant financial loss to the shipping giant Maersk, though neither the company nor the sector was specifically targeted.

This trend, however, is changing. A 4 March report from cybersecurity firm FireEye described a long-term 'cyber espionage operation', ongoing since 2013, which the authors attribute 'with moderate confidence' to agents of the Chinese state. 

The campaign, which FireEye has designated APT 40, 'has specifically targeted engineering, transportation, and the defence industry, especially where these sectors overlap with maritime technologies,' the report says.

The authors go on to add that they 'have also observed specific targeting of countries strategically important to the Belt and Road Initiative' - the Chinese government's ongoing global infrastructure programme, the seaborne elements of which are sometimes referred to as the Maritime Silk Road - 'including Cambodia, Belgium, Germany, Hong Kong, Philippines, Malaysia, Norway, Saudi Arabia, Switzerland, the United States and the United Kingdom.'

The report argues that the motivation for the attack is to assist China's PLAN in developing and enhancing its capabilities. But this assessment may be wide of the mark, according to Bill Hagestad, a retired US Marine Corps officer who has written extensively about Chinese cyber capabilities and operations, speaks and reads Mandarin, and is a visiting fellow at the Knowfar Institute for Strategic and Defence Studies, a think-tank based in Jiangsu Province, China.

In an interview with Shephard, Hagestad argued that any information exfiltrated from western systems is likely to be viewed as a bonus, and that the primary motivation for the campaign is to demonstrate Chinese military cyber capability to senior Communist Party figures. 

'A concept that is significantly annoying to the Chinese military, both those who have served and those who currently serve, is that they have not experienced combat in a forward-deployed area like their foreign military friends who have been in Iraq and Afghanistan,' he said. 

'They want to exercise their ability, to show that the Chinese military is no longer a hollowed-out automated type of force that you might have seen in [the Korean war], but it is one that has the combined-arms capability of ground, sea, air and now cyber. Active intelligence-gathering will just be a by-product of that.'

Hagestad continued: 'They want to demonstrate that they can help the maritime expansion - the One Belt One Road philosophy - from a military perspective, and show that they have value to add to the Communist Party apparatus beyond just being stationed around China and suppressing minorities such as the Uighurs.'

Hagestad's advice to maritime-focused businesses and entities involved in Belt and Road projects is straightforward: they should be on their guard, ensure networked systems are fully updated and patched, with basic cybersecurity, intrusion-detection and anti-malware protection installed and running. And, just as they should carry out the basics of digital defence, so too they should perform 'active counter-intelligence' on companies and countries they are doing business with.

'If you're engaged with a Chinese state-owned enterprise, Google the company's name in Chinese,' he said. 'See if they have not in fact mimicked your brand name and are using the very processes and procedures that make you successful as a maritime economic partner.' 
