
Researchers have “high confidence” that the five “are likely comprised of civilian contractors working in the interest of the Chinese government who readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts. This reflects a highly agile government/contractor ecosystem with few of the bureaucratic or legal hurdles that can be observed in Western nations with similar capabilities and provide a level of plausible deniability for the Chinese government.”

BlackBerry has given each of the five groups code names but said they use an approach dubbed the WINNTI technique after one of the groups, which was identified by Kaspersky in 2013. In fact, the report suggests four are offshoots of the original WINNTI Group. While traditionally their objectives are different, researchers indicate a “significant degree of co-ordination” between them, particularly when Linux platforms are targeted. “Any organization with a large Linux distribution should not assume they are outside of the target sets for any of these groups,” they added.

Targeting Red Hat Enterprise, CentOS, and Ubuntu Linux environments across a wide array of industry verticals, the groups are engaged in espionage and intellectual property theft. As most IT pros know, Linux is used in the backend systems, Web servers and database servers of many governments, major corporations, cloud providers and universities around the world. Linux was developed to run on x86 servers but be more secure than Windows, and the report suggests it has one possible weakness: its code is open source, giving attackers great knowledge of the operating system.