A large cyberattack traced back to servers in China and first detected in early January has led the Canadian government to shut down Internet access at two government departments.
The attacks successfully breached networks at the Finance Department and Treasury Board, Canada's "economic nerve centres," reports CBC News, which broke the story. The attack also targeted a third government department, Defence Research and Development Canada, the civilian research and development arm of the Canadian military.
The attack left Canadian counterespionage agents frantically investigating whether any sensitive government information had been stolen and who was behind the intrusion. While the cyberattacks were traced back to servers in China, CBC News reports that high-level sources caution that they cannot be sure responsibility lies with Beijing. The hackers may have routed the attack through Chinese servers to obscure their true origin.
The Chinese government denies any involvement with the attack, reports PC World.
The attacks reportedly originated with strategically sent spearphishing e-mails using two different attack methods.
In the first wave of the attack, the hackers sent spearphishing e-mails to department technical staff made to look like they came from federal executives. The e-mails asked technical staff for passwords to critical government networks—a request they complied with.
In the other attack, hackers sent other department staff spearphishing e-mails with malicious attachments. Once opened, "a viral program was unleashed on the network" that "hunts for specific kinds of classified government information, and sends it back to the hackers over the internet."
These types of targeted attacks are known as "advanced persistent threats" (APTs) in cybersecurity circles. While APT sounds like an abstract concept, in practice it means that a sophisticated group of hackers has targeted a specific network and will not stop until it gains access.