Experts Say China’s Low Level Cyber Warfare Becomes Serious Threat | China
Chinese state-sponsored hacking is at record highs, Western experts say, accusing Beijing of engaging in a low-intensity form of warfare that is escalating despite US, UK and other political efforts to end it .
There are also accusations that underground activity, which emphasizes the theft of intellectual property, has become more overt and reckless, although Beijing consistently denies sponsorship of the hack and accuses critics of hypocrisy.
Jamie Collier, a consultant at Mandiant, a cybersecurity firm whose work is often cited by intelligence agencies, said the emerging level of hacking from China in 2021 was “a more serious threat than we previously anticipated.” .
It culminated in July with the US, EU, NATO, UK and four other countries all accusing Beijing of being behind a massive exploitation of vulnerabilities in enterprise server software. Microsoft’s widely used Exchange in March. In some cases, they accused the Chinese Ministry of State Security (MSS) of directing the activity.
It affected around 250,000 organizations worldwide, allowing hackers from a group Microsoft named Hafnium to siphon off company emails for espionage using a tool. Easy to use “web shell” that allows anyone with the correct password to hack a compromised Exchange server.
Once Microsoft was publicly alerted to the activity, attacks quickly escalated against organizations that had not patched Exchange. Criminals, now aware of what was going on, were able to exploit web shells and in some cases were tricked if they were removed – a cheeky aspect of the hack that surprised experts.
Ciaran Martin, Managing Director of the UK’s National Cyber Security Center until last year, said: “What you saw here was sheer recklessness. The Hafnium attack on Exchange was in stark contrast to Russia’s exploitation of SolarWinds software for espionage.
“In this case, there was no collateral damage, but as far as Hafnium is concerned, when they realized they had been caught, the hackers tricked the software out. “
China, however, consistently denies being involved in the hack despite attempts by the United States and others to embarrass it. In July, the country’s foreign ministry accused Washington of “teaming up with its allies” and engaging in “politically motivated libel and repression.”
He said the United States was “the biggest source of cyberattacks in the world”, pointing to the lack of agreement on the subject and pointing to a real source of frustration in Beijing – that the United States and other allies Westerners have long engaged in traditional political policies. espionage against countries like this.
Yet it wasn’t meant to be like this: In September 2015, Presidents Barack Obama and Xi Jinping jointly announced a cybersecurity deal.
“The two governments will not knowingly engage or support the online theft of intellectual property,” Xi said during a visit to the White House following similar language from Obama. An almost identical deal was signed between the UK and China a month later.
At first, the deal had a chilling effect, at least on the Chinese side, with piracy reports emanating from the country sharply reduced from what experts describe as “loud and loud” attempts to steal intellectual property previously. .
But the situation has changed following the election of Donald Trump in 2016, which adopted a more openly combative tone towards Beijing. China, meanwhile, has reorganized its hacking activities, suppressing the People’s Liberation Army’s global operations and transferring them to the MSS.
In the west, the penny slowly fell as security agencies began to understand the impact of Operation Cloud Hopper, the name given to a sophisticated spy campaign against third-party IT service providers, in the aim to infiltrate them to steal secrets from a wide range of companies such as Swedish telecommunications equipment maker Ericsson.
The campaign may have run throughout the 2010s, but by 2017 it had become increasingly visible to Western intelligence, revealing, as Martin observed, that “it was clear that with the deterioration of Sino-American relations, China no longer felt bound by the agreement with Obama ”.
A year later, in December 2018, the US and UK named a Chinese group known as APT10 or Stone Panda as the originator of the Cloud Hopper hack. It was the first time the British had accused the Chinese government of being responsible for a cybercampaign, claiming that the MSS was leading or operating behind the hackers.
“In the past, Chinese groups were very sensitive to the impeachment, name and shame of public attribution,” Collier said. “Sure enough, when governments called them in, you would see pretty quickly after these things happened, the business would collapse. But what we are seeing is that it is no longer the case. “
Chinese actors’ industrial espionage efforts often closely follow targets announced in Beijing’s five-year plans, Collier added, although British intelligence agencies and others have said there is a shift in focus. noticeable and unsurprisingly to target the secrets of vaccine development at the start of the pandemic.
Another common tactic is masquerading as recruiters on LinkedIn. A typical profile is of a woman who tries to entice officials and executives in key industries to reveal more about their work in exchange for what turns out to be a bogus job offer.
British domestic spy agency MI5 estimated that 10,000 people had been targeted in the past five years, in April describing the activity as taking place on “an industrial scale”. The spy chiefs have not directly accused Beijing, but the opinion of the Five Eyes intelligence agencies is that the technique is dominated by Chinese actors.
The rhetoric continues to escalate. General Patrick Sanders, Britain’s most senior cybergeneral, head of strategic command, last week accused China and Russia of engaging in “the expansion of the war into new areas of the world. ‘space and cyber’ in a speech to a UK defense industry. conference.
It was, according to the general, part of a larger ideological struggle that amounts to “an approach that seeks to win without a fight”, a far cry from the rhetoric of internet cooperation adopted six years ago. .