Chinese state-backed cyberattacks hack off potential adversaries


December 5, 2023



HONG KONG: Few doubt that China is responsible for a massive campaign of computer hacking and nefarious cyber activities.

Beijing denies any culpability for cyberattacks, calling such accusations “baseless”, but the weight of evidence rests squarely against China.

The US Office of the Director of National Intelligence, in its 2023 Annual Threat Assessment, recognized the threat: “China probably currently represents the broadest, most active and persistent cyber espionage threat to US government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the US homeland.”

If this were not damning enough, the report continued: “China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

This assessment was borne out by a Chinese state-sponsored threat group called Volt Typhoon, responsible for attacks this year, some of the largest ever, on American infrastructure. Five Eyes partners publicly disclosed the worrying threat posed by Volt Typhoon in May, since the group’s activities represent far more than the usual espionage conducted by nations.

The group pre-positioned technical implants and achieved long-term access to adversaries’ networks; such pre-positioning shows the maturity of the People’s Liberation Army’s (PLA) joint information warfare capabilities. Pukhraj Singh, Director of the Centre for Epistemic Security, wrote for the Australian Strategic Policy Institute (ASPI): “The military cyber elements seem to have been extricated from the stovepipes of the theater commands and are ready to produce strategic effects extending beyond the Indo-Pacific. And the integration isn’t just militaristic but also political: the PLA is the Chinese Communist Party’s (CCP) army. Strategic cyber operations are directly sanctioned by the Central Military Commission, and ultimately authorized by Xi.”

Singh further posited: “The intelligence that has trickled through from the Five Eyes points to interesting doctrinal and strategic developments in the Chinese cyber establishment, especially the extent and success of its integration with the PLA.”

Two groups are broadly responsible for China’s state-sponsored hacking – the PLA and Ministry of State Security (MSS). The latter oversees most state-sponsored hacking activities abroad. US officials are displaying greater willingness to point fingers. For example, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), defined China’s cyber-espionage and sabotage capacities as an “epoch-defining threat” earlier this year.

She added that in the event of warfare, “aggressive cyber operations” would threaten critical US transportation infrastructure “to induce societal panic”. Easterly warned: “It’s going to be very, very difficult for us to prevent disruptions from happening.”

According to the European Repository of Cyber Incidents, 240 worldwide state-sponsored cyberattacks from 2005-23 were attributed to China, compared to 158 from Russia, 103 from Iran and 74 from North Korea. Although only 25 per cent of the global online population is in China, the country clearly has the largest footprint in state-sponsored hacking. Some 78 per cent of its hacking attempts aimed to steal data. Chinese hacking groups tend to be active for approximately three years, and each group tends to concentrate on no more than four countries. There are exceptions, however, such as APT41, which has been operating for 13 years and whose activities have been identified in 14 different nations.

The US Justice Department announced charges against seven APT41 hackers in September 2020. The US Secret Service also accused APT41 of stealing millions of dollars in COVID-19 relief benefits from 2020-22. There are many other groups too. The Storm-0558 intrusion gave Chinese hackers access to the email accounts of around 25 organizations, including US government agencies, and of individuals such as US Envoy to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink. APT27 claimed responsibility for attacks during a Taipei visit by former House of Representatives Speaker Nancy Pelosi in August 2022. Mandiant also accused it of compromising the computer networks of at least six US state governments between May 2021 and February 2022. Elsewhere, the 2021 Microsoft Exchange attack by Hafnium affected some 250,000 targets.

As another example, ShadowPad, backed by the PLA, was discovered in India’s power grid in 2021 during the border standoff. Furthermore, hacking software known as Aria-body, with alarming intrusive capabilities, has been used against governments and state-owned companies in Australia and Southeast Asia. This malware allows hackers to remotely take over a computer, manipulate files and set up covert communications back to the hackers.

Israeli cybersecurity company Check Point Software Technologies identified Aria-body as coming from the Chinese hacker group Naikon, which is connected to the PLA at a Kunming location. Lotem Finkelstein of Check Point said: “The Naikon group has been running a longstanding operation, during which it has updated its new cyber-weapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific.” Such conclusions were also borne out by a report recently published by the Mercator Institute for China Studies (MERICS), a non-profit think-tank based in Berlin. This research by Antonia Hmaidi, entitled “Here to Stay – Chinese State-Affiliated Hacking for Strategic Goals”, highlighted the extent and purpose of Chinese efforts in the cyber domain.

Hmaidi reached some key findings in her MERICS report: Beijing is becoming more sophisticated, and its cyberattacks closely follow the strategic goals of the CCP. The US is by far China’s largest target, followed by India, Japan, Taiwan and Vietnam. Nonetheless, Europe is not immune, and the MERICS researcher noted that Chinese hacking poses a risk to Europe’s long-term prosperity. Indeed, the European Commission estimates that cyberattacks cost EUR5.5 trillion globally.

Furthermore, in Germany, cyberattacks caused 86 per cent of companies to suffer damage, and cost EUR223 billion (or 6 per cent of national GDP) in 2021 alone. Last year, 43 per cent of German companies said they had been cyberattacked by China.