May 17, 2022

Operation CuckooBees

Industry: Aerospace, Biotechnology, Defense, Energy, Pharmaceuticals | Level: Strategic | Source: Cybereason

Cybereason conducted a 12-month investigation named Operation CuckooBees, researching a sophisticated global cyber espionage campaign stealing intellectual property. The campaign is considered to be attributed to the Chinese state-sponsored APT group, Winnti. Industries impacted are identified as Aerospace, Biotechnology, Defense, Energy, and Pharmaceuticals. Geographical impact was found in North America, Europe, and Asia. Cybereason has identified many companies as never reveling a breach and evidencing pointing to a longer campaign, stemming as far back as 2019. The business impact of intellectual property theft is not as immediate as threats like ransomware, DDoS, and others however, the market and financial impact is a long game. Company investment in research and development (R&D) efforts can’t be recouped and competition becomes more difficult if they’re competing against their own product. Many common means of exploits are pointed to as the cause of compromise to organizations such as “unpatched systems, insufficient network segmentation, unmanaged assets, forgotten accounts, and a lack of multi-factor authentication.” Despite a representative from the Chinese Embassy denying Chinese involvement in cyberattacks, it is likely untrue coming from a nation-state actor.