China’s MSS Linked to Marriott Breach

China’s MSS Linked to Marriott Breach

The Chinese government is responsible for the massive breach recently disclosed by Marriott International, according to new reports.

Two people briefed on the ongoing investigation told the New York Times that the attackers are suspected of working for China’s sprawling Ministry of State Security (MSS).

The hack, it is claimed, was part of a major intelligence gathering operation that also included the notorious breach of the Office of Personnel Management (OPM). Its aim is to build up detailed profiles on US executives and government officials with security clearance.

With the passport information stolen as part of the trove, Chinese spies could theoretically keep tabs on the movements of such individuals more easily. Marriott is said to be a favorite hotel provider for US government and military personnel.

Combined with the information from the OPM, it’s thought that the hotel data could help the MSS identify possible US spies and even recruit their own agents, as well as the Chinese citizens that may have been helping them.

The revelations are likely to cause extra turbulence for the Sino-US trade deal currently being hammered out and the 90-day ‘truce’ agreed by the two presidents in Buenos Aires.

It also presages a new swathe of action from Washington designed to open the kimono on Chinese cyber-espionage activity.

It’s predicted we’ll see a fresh round of indictments of Chinese military and intelligence operatives, and possibly the declassificiation of an US intelligence report detailing Beijing’s concerted attempts to build a huge data lake of American citizens’ information.

The indictments are thought to be linked to “Cloud Hopper” (APT10), a group that has spent years targeting the managed service providers of large companies.

An official with knowledge of the plans said they could also include making it harder for Chinese telecoms firms to get hold of key components. Any such move would likely enrage Beijing and only accelerate its cyber-espionage-fuelled efforts to become self-sufficient in tech.

Sam Curry, CSO at Cybereason, argued that Washington is rapidly changing its stance on China.

“The appropriate response is one that is on the political, diplomatic, economic, and military domains where cyber is a factor and not the only star,” he added. “Cyber is both a domain in its own right and a component of all the others. So the administration needs to plan a response to the political situation, using cyber as a tool."

Source: Information Security Magazine