Tag:China

1
China’s main security agency linked to cyber intellectual property theft
2
Draft law proposes security assessment of data exported out of China
3
Government Regulation, Legislation and Enforcement Updates

China’s main security agency linked to cyber intellectual property theft

By Cameron Abbott and Wendy Mansell

In April 2017, PWC, in collaboration with BAE Systems’ published a report on “Operation Cloud Hopper”, which exposed a cyber espionage campaign being conducted by a China-based threat actor. The report suggests that Operation Cloud Hopper is almost certainly the same threat actor known as “APT10”, a Chinese group thought to be behind cyber-attacks against many countries including Japan, Canada and America.

Recently it has been reported that there are links between China’s Ministry of State Security (MSS) and Operation Cloud Hopper. These allegations are from U.S based firm CrowdStrike who have recognised ties between Operation Cloud Hopper and the MSS Tianjin Bureau.

There is no confirmation that the MSS is behind the Cloud Hopper attacks, however Dr Adrian Nish, Head of Threat of Intelligence at BAE Systems said that there is “no reason to doubt” the claims.

The term “Cloud Hopper” describes a technique where cyber espionage groups “hop” from cloud storage services and infiltrate Australian IT systems. Operation Cloud Hopper is responsible for the theft of intellectual property from a number of Australian companies, primarily focused on mining, engineering and professional services firms.

In a week full of news about China activities in the region, the suggestion of state sponsored hacking thefts is a salient warning to companies that their core intellectual property assets are at risk if not well secured.

Draft law proposes security assessment of data exported out of China

By Cameron Abbott and Allison Wallace

The Cyberspace Administration of China has released a draft law that would impose an annual security assessment on firms exporting data out of China.

The proposed legislation would apply to any business which transfers more than 1000 gigabytes of data, or which affects more than 500,000 users, and is the latest of several safeguards announced in recent times against threats such as hacking and terrorism.

Under the draft law, economic, technological or scientific data whose transfer would post a threat to public or security interests would be banned, and there would be extra scrutiny of sensitive geographic data.

Businesses would also have to obtain the consent of users before transmitting it overseas.

The draft law follows another passed in November 2016 which formalised a range of controls over firms that handle data in industries the Chinese government labels critical to national interests.

Government Regulation, Legislation and Enforcement Updates

by Jim Bulling and Julia Baldi

China Introduces new Cybersecurity Laws
China introduced new cybersecurity laws, which require both local and foreign banks and financial institutions with Chinese clients (including Australian financial institutions) to use IT equipment deemed “secure and controllable” by Beijing. The breadth of the laws has upset foreign financial institutions given the potential cost of compliance if foreign entities must implement IT equipment systems in accordance with Chinese directives.

See the Financial Times report here.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.