Light Wave


China’s Relentless Assault on America’s Cyber Assets

By Belal Awad · July 17, 2023

Kevin Mandia, CEO of cybersecurity firm Mandiant, highlights the evolution and increasing sophistication of Chinese cyber espionage, challenging the effectiveness of zero-trust security and emphasizing the need for continuous innovation in cybersecurity. Photo: TUBS, CC BY-SA 3.0, via Wikimedia Commons

In a recent interview with CNBC, Kevin Mandia, CEO of top cybersecurity firm Mandiant, now a part of Google Cloud, raised concerns over Chinese cyber espionage and its implications for zero-trust security.

Mandia said, “What we’re seeing here is the evolution of Chinese cyber espionage. Gone are the days where they’re a tank through a cornfield…The OpSec has improved.” China discovered and used 55 zero-days last year, he explained, adding, “China led the world in discovering these zero days and using them.” A zero-day attack exploits a vulnerability for which no patch yet exists, so defenders cannot simply update their way out of it.

On China’s recent attack on Microsoft, Mandia said, “This is something that was multi-stage…This is not somebody coming through the front door. This is a very intentional act by a nation that has modernized its offensive capability in the cyber-domain faster than any other nation in the last 12 months.”

Microsoft revealed on Tuesday that Chinese hackers breached its customers’ email systems to gather intelligence. While the company was able to detect the unusual activity and launched an investigation, the hackers managed to manipulate credentials and gain repeated access to the accounts. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reported that a federal government agency found the breach last month and promptly informed Microsoft and CISA. The agency’s identity was not disclosed, according to CISA’s blog post on Wednesday.

Zero-trust security – a framework requiring all users to be authenticated, authorized, and continuously validated before being granted access to applications and data – is designed to detect such activities. The growing sophistication and volume of these attacks are a major challenge to zero-trust security.

On the time it takes for US agencies to assess the damage from such attacks, Mandia said, “In general, when email is the target, your damage assessment is really good. Meaning you know what email’s been taken. It is more probable…that right now we have a very good view of what’s been actually taken by the adversary in this case. And I think the time consumption will be what was taken [and] what’s the content of that and how can that be used.”

Light Wave commentary

Mandia’s commentary underscores the evolving nature of cyber-threats and the profound need for continuous cybersecurity innovation. As nations like China develop their cyber capabilities, organizations and governments will face increasing pressure to stay ahead of the curve. While zero-trust security offers a robust framework, it is not immune to sophisticated, multi-stage attacks. Constant vigilance, timely threat assessment and intelligence, and proactive defense strategies will be increasingly essential to protect America’s and the West’s vulnerable online infrastructure.