Chinese Cyber-Espionage

"In this case, malware was downloaded onto the victims' system after users, using a vulnerable version of Internet Explorer, visited compromised websites."
"The apparent objective of this activity is the theft of intellectual property, trade secrets, and other sensitive or proprietary information."
Canadian Cyber Incident Response Centre report

It is becoming so commonplace, trick emails carrying malware leading to password theft, and often enough Chinese hackers are found to be responsible for that unauthorized cyber-espionage, meant to profit whoever it is that exploits vulnerabilities in human nature and computer software to obtain documentation in trade secrets, formulas, and proprietary information that promises to benefit them. In the past Canadian Internet intelligence experts have tracked the source to Chinese military bases.

The attack in question, which the report addressed, was serious enough to lead to an emergency closing of the National Research Council's computer network in July. State-sponsored digital assaults have become increasingly common. They emanate through the discourtesy of State apparatus of one kind or another, employing computer hackers tasked with retrieving valuable data in a shortcut to scientific and technological data-gathering.

Canada's National Research Council is known worldwide for its advanced research in aerospace, health. mining and physics. Insidiously skilled perpetrators infiltrating the NRC website succeeded in their mission to "establish a foothold" within the NRC networks. Computer-system vulnerabilities exist in any system, and it becomes a challenge to perpetrators using complex techniques to successfully intrude.

China, needless to say, takes huge umbrage at any charges that it or any of its agencies, engages in cyber-espionage, but it has a long track record of such espionage, gathering data otherwise not available to them through illicit means, short-cutting the necessity of conducting their own research, using that of others to vault themselves into new cutting-edge techniques and discoveries advantaging themselves enormously in time, expertise and funding.

The "exploitation cycle" of the attack at the NRC was detailed in the report; beginning with the assembling of NRC employees' email addresses and the use of those addresses to send messages with malicious links; "spear phishing". Any employees not sufficiently alert to recognize the type of message carrying such risks leave themselves vulnerable to infiltration.