With round-the-clock technical and customer support and work hours extending into the weekend, China’s cybercrime network has shifted from being a mix of local networks to a sophisticated service enterprise, according to a report by Santa Clara, California-based computer network security provider McAfee.
Compared to three years ago, the Chinese cybercrime network now has a complex business model with hierarchies. The network also sees partnerships and collaboration between local and international cybercriminal entities, the report by Anne An, a senior security researcher at McAfee’s Advanced Programs Group (APG), said.
“The McAfee Advanced Programs Group (APG) has observed Chinese non-state threat actor groups gradually transform from small local networks targeting mostly Chinese businesses and citizens to large, well-organized criminal groups capable of hacking international organisations,” pointed out An.
Fueling the cybercrime network is China’s internet boom. The country had close to 840 million users as of February 2019, according to a report by the Statista Research Department.
According to 2018 Internet Development Statistics, China’s cybercriminal underground was worth more than $15 billion, nearly twice the size of its information security industry. Cybercrime in the country is growing at a rate of more than 30% a year and an estimated 400,000 people work in underground cybercriminal networks, the report noted.
Meanwhile, the Chinese government claims to have cracked down on these groups. The first ten months of 2019 saw investigators look into 45,743 cases in a special campaign against cybercrime. China’s Ministry of Public Security also said it caught over 65,000 suspects as of November 14, 2019, according to local media reports.
To escape local law enforcement agencies, the Chinese cybercrime networks are shifting base to countries with weak legal frameworks against such crimes. Malaysia, Indonesia, Cambodia and the Philippines top the list.
“As this cybercriminal network continues to advance and target high-value business assets, international organisations operating in the Asia Pacific region face a quickly expanding threat landscape,” An said.
The criminal network is also learning from its international peers.
“To accelerate profitability, the Chinese hacking community has adopted tactics and techniques similar to Russian and other prominent cybercriminal underground markets to become more structured and service-oriented,” research director An said.
In contrast to the Russian cybercrime networks, however, China’s dark web cyber system seems to have adopted a mentor-disciple model. Also referred to as the “master-apprentice mechanism,” the model allows apprentices to work as hackers in training before they are deemed eligible to turn into full-time hackers who can serve their master hackers and engage in website hacking, targeted attacks and database exfiltration.
The underground cybercrime markets have also built a reputation for great customer service, with some hackers reportedly expanding working hours well into weekends, combined with 24/7 technical support. Some of their services include Distributed Denial of Service (DDoS), source code writing services, botnets and the traditional email/SMS spam and mailbox flooding services.
With the cybercriminal network in China getting more complex and diverse, hackers could soon target high-value business assets in the APAC region, researchers warned.