China has targeted US hackers

For much of the decade, US authorities and cybersecurity firms have been making accusations against cybercriminals that the US claims work for the Chinese government. According to security experts, these criminals have stolen terabytes of data from victims ranging from pharmaceutical companies to video game companies, compromising servers, breaking down security protections and sabotaging hacking tools. With the increasing aggressiveness of these alleged cyber attacks, the first indictments of cybercriminals from the country have also arrived. It is possible, however, that things are changing.

Since early 2022, allegations of US cyber espionage made by the Chinese foreign ministry and by cybersecurity firms in the country have increased significantly. The allegations, however, which until now have been a rarity, present a problem: they seem to be based on technical details from several years ago that are already known to the public and contain no new information. China's move could represent a change of strategy for a country that is currently struggling to consolidate its position as a technological superpower.

The Chinese accusations

China's allegations, which were brought up by cybersecurity journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security firm Pangu Lab accused Equation Group, a hacker group of the US National Security Agency (NSA), of using a backdoor called Bvp47 to monitor 45 countries. The Global Times, a Chinese state-controlled tabloid, published an exclusive investigation into the Pangu Lab report. A few weeks later, on March 14, the newspaper published a second exclusive article on another NSA tool, Nopen, based this time on information from the Chinese National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity firm Qihoo 360 reported that US hackers were attacking Chinese companies and organizations. On April 19, the Global Times reported further findings from the center, this time relating to Hive, a malware developed by the CIA.

The news was accompanied by a flurry of statements, often in response to questions from local media, from spokesmen for the Chinese Foreign Ministry: "China is seriously concerned about the irresponsible malicious cyber activities carried out by the US government," Foreign Ministry spokesman Wang Wenbin said in April. "We urge the United States to provide explanations and stop these malicious activities immediately." In the first nine days of May, foreign ministry spokespersons commented on alleged US cyber activities at least three times.

Out of date information

While cyber activities undertaken by state actors are often kept in highly confidential files, many US-developed hacking tools are no longer a secret. In 2017, WikiLeaks published nine thousand files as part of the leak known as Vault7, which detailed many of the tools used by the CIA. A year earlier, the mysterious hacking group Shadow Brokers stole data from one of the NSA's elite hacking teams, slowly disclosing it to the rest of the world. Shadow Brokers' leaks included dozens of exploits and new zero-days, including Eternal Blue, a hacking tool that has since been used repeatedly in some extensive cyberattacks. Many of the details contained in the Shadow Brokers leaks coincide with the details revealed by Edward Snowden in 2013 about the NSA (an NSA spokesperson said he "has no comment" for this article).

According to Ben Read, director of cyber espionage analysis at US cybersecurity firm Mandiant, Chinese state media allegations of US cyber attacks are mostly based on old information. "From what I have seen, everything they have written relates to the United States via Snowden or Shadow Brokers leaks," explains Read.

Change of strategy

Megha Pardhi, China researcher at Takshashila Institution, an Indian think tank, points out that publications and subsequent comments by Chinese officials can serve multiple purposes. Internally, China can use them for propaganda purposes, and to make the United States understand that it has the necessary skills to assign responsibility for cyber activities. Furthermore, the strategy acts as a warning to other countries, says Pardhi: "The message is that even if you are allied with the United States, they will still hunt you down."

China is widely considered one of the most sophisticated and active state cyber actors, and is involved in espionage, cyberattacks for the purpose of espionage and data collection. Western authorities see the country as the biggest cyber threat in the world, ahead of Russia, Iran and North Korea.

China's possible change of strategy could be part of the broader picture of the country's technology use and development policies. In recent years, Chinese policies have been aimed at positioning the country as the dominant power in the technology standards sector, from 5G to quantum computers. A series of new cybersecurity and privacy laws govern in detail how companies must manage data and protect national information, such as information related to previously unknown vulnerabilities.

"One explanation could be that we are engaged in a kind of ideological battle or, if we want to put it more prosaically, a marketing battle with China," says Suzanne Spaulding, consultant to the Center for Strategic and International Studies, who previously held the position of senior cybersecurity official in the administration of former US President Barack Obama. Relations between the United States and China have become complicated in recent years, due to mounting tensions around national security issues, which include fears related to Chinese telecommunications giant Huawei. "China is offering, all over the world, a competing model to Western-style democracy," adds Spaulding, who stresses that the Chinese accusations could represent a response to the greater cohesion of Western countries after the invasion of Ukraine by Russia.

In July 2021, China's Ministry of Industry and Information Technology released plans to strengthen the private security sector by 2023. The ministry said companies based in China should invest more to defend against cyber attacks, adding that the entire industry should improve the development of network monitoring systems and threat detection techniques.

The decision to release details of long-known incidents, however, still raises many questions. Read wonders exactly how many cyber espionage cases Chinese companies and authorities are actually detecting. The answer would provide significant insights into the country's real capabilities.

China's move appears to be strategic, says Che of TeamT5: "Considering the close relationship between Chinese cybersecurity firms and the government, our team speculates that these reports may represent a part of China's distraction strategy in cases where the country is accused of [fielding, ed] massive surveillance systems and espionage operations."

This article originally appeared on UK.
