Reports indicate that the Chinese-based intrusion of U.S. Chamber of Commerce networks went on for as long as six months before being detected.
System administrators at the Chamber were unaware of the breach until they were notified by the FBI after some of the organization's documents were discovered on Chinese web servers.
The operation is being characterized as an Advanced Persistent Threat (APT), typically used to describe infiltrations that take place over a long period of time and utilize a combination of sophisticated measures to gain access to protected networks.
"What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," said the Chamber's COO David Chavern.
Chinese state officials have completely denied any knowledge of or connection to the operation, reiterating their claims that they ave a zero tolerance policy for unauthorized access and hacking of foreign networks.
U.S. security experts refute China's assertion that the state does not actively support offensive cyber operations for the purpose of exfiltrating valuable proprietary and trade secret information in an effort to gain an economic edge against rival nations.
“This happens all the time. This is essentially the modus operandi of China’s economic espionage campaign. Hackers use a trade group as a beachhead to compromise the constituency. What intellectual property does the Chamber have? They don’t. But they’re trusted," said Tom Kellermann, a member of President Barack Obama’s commission on cyber security.
Some believe that the breach revelations could affect information sharing activities between the Chamber and member companies and organizations given the depth and duration of the network intrusion.
“Businesses are already worried about the cyber theft of their internal trade secrets. Now they have to worry that the sensitive information they’ve shared with the Chamber is compromised,” said Good Harbor's Jacob Olcott, a principal with consulting firm's cybersecurity team.
In a touch of irony, the U.S. Chamber had been one of the more outspoken critics of some proposed cybersecurity legislation, according to a document cited by the Wall Steet Journal.