China’s PLA buying foreign antivirus products to identify vulnerabilities: Report
A US-based cybersecurity company recently found that China’s People’s Liberation Army (PLA) has purchased antivirus products from security vendors in the US, Europe and Russia, with the intent to identify vulnerabilities that can be used for compromise.
Citing a report by cybersecurity firm Recorded Future, news service The CyberWire said that this purchase came under scrutiny because Beijing has already banned the use of foreign antivirus products, citing security risks.
The report points out that the focus on English versions of these products is notable because Chinese-language versions would be the more logical choice if the software was intended for legitimate use. It further said the purchase of foreign antivirus software by the PLA poses a “high risk to the global antivirus software supply chain.”
“PLA cyber units and affiliated hacking groups will use foreign antivirus programs as a testing environment for natively developed malware. They will run the malware through foreign antivirus products to test its ability to evade detection, thereby making it more likely to successfully infect its targeted victims,” experts said. They added that the PLA cyber units and affiliated hacking groups could also possibly reverse engineer the foreign antivirus software code to find previously undisclosed vulnerabilities.
“They will then use the newly discovered vulnerabilities in a zero-day attack for initial intrusion,” the report added.