How China Has Turned into a Primary Cyber Threat for the US


About a decade ago, the United States began naming and shaming China for an online espionage attack; much of this was done using low-level phishing emails against American companies for intellectual property theft.

On Monday, the US once again blamed China for cyberattacks. But these attacks were extremely aggressive, and they reveal that China has evolved into a far more sophisticated and mature digital adversary than the one that surprised US officials a decade ago.

Interviews with dozens of current and former American officials, as well as the Biden administration’s indictment of cyber attacks, show that China has reorganized its hacking operations in the intervening years. Where once it carried out relatively simple attacks on foreign companies, think tanks, and government institutions, China now carries out covert, decentralized digital attacks on American companies and interests around the world.

According to US officials and the indictment, hacks that were carried out via sloppy spearphishing emails by People’s Liberation Army units are now being carried out by an elite network of satellite contractors at universities and front companies working for the Chinese Ministry of State Security.

As phishing attacks continued, espionage campaigns went underground and used sophisticated techniques. These include exploiting “zero-day,” or unknown, vulnerabilities in commonly used software such as Microsoft’s Exchange email service and Pulse VPN security devices. Such exploits are harder to defend against and allow China’s hackers to operate undetected for longer periods of time.

“It’s a level-up that we’ve seen by China over the last two or three years,” said George Kurtz, CEO of cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the fragment and container operators we have seen in the past.”

China has long been one of the biggest digital threats to the US. In the 2009 classified National Intelligence Estimate, a document representing the consensus of all 16 US intelligence agencies, China and Russia topped the list of America’s online rivals. But China was considered the more immediate threat because of the volume of industrial trade theft.

But this threat is even more troubling now as China renews its hacking operations. In addition, the Biden administration has made cyberattacks, including ransomware attacks, a major diplomatic front with superpowers like Russia, and US relations with China have steadily deteriorated over issues such as trade and technology superiority.

China’s prominence in hacking first came to the fore in 2010 with attacks on Google and the security company RSA, and then with a hack of The New York Times in 2013.

In 2015, Obama officials threatened to greet Chinese President Xi Jinping during his first visit to the White House with the announcement of sanctions after a particularly aggressive breach of the US Office of Personnel Management. In this attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been given security clearance.

White House officials soon reached an agreement that China would stop hacking American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable decline in Chinese hacking.

After President Donald J. Trump took office and precipitated trade conflicts and other tensions with China, hacking resumed. By 2018, US intelligence officials noted a shift: People’s Liberation Army hackers retreated and were replaced by agents working at the behest of the Ministry of State Security, which manages China’s intelligence, security, and secret police.

According to intelligence officials and researchers, the intellectual property hacks that benefit China’s economic plans did not originate from the PLA, but rather from a looser network of shell companies and contractors, including engineers working for some of the country’s leading tech companies.

It was unclear exactly how China was working with these loosely-linked hackers. Some cybersecurity experts said engineers were paid cash to moonlight for the government, while others said those in the network had no choice but to do what the government wanted. “His exact affiliation with Chinese government agencies is unknown, but his activities indicate a possible supply of intelligence requirements from China’s Ministry of State Security,” said a confidential memo to the US National Security Agency in 2013.

On Monday, the White House provided further clarity. In the detailed indictment, the US accused China’s Ministry of State Security of being behind a vicious attack on Microsoft’s Exchange email systems this year.

The US Justice Department separately accused four Chinese citizens of coordinating the hacking of trade secrets of companies in the aerospace, defense, biopharmaceutical and other industries.

According to the indictments, the Chinese citizens were operating from shell companies such as Hainan Xiandun, which was set up by the Ministry of State Security to provide plausible deniability to Chinese intelligence agencies. The indictment also included a photograph of one defendant, Ding Xiaoyang, a Hainan Xiandun employee, who received a 2018 award from the Ministry of State Security for his work in overseeing the front company’s hacking.

The United States has also accused Chinese universities of playing a critical role, recruiting students to front companies and running core business operations such as payroll.

The indictment also pointed to Chinese “government-linked” hackers who carried out ransomware attacks that extorted millions of dollars from companies. The scrutiny of ransomware attackers had previously largely fallen on Russia, Eastern Europe, and North Korea.

Secretary of State Antony J. Blinken said on Monday that China’s Ministry of State Security is “promoting an ecosystem of criminal contract hackers who engage in both state-sponsored activities and cybercrime for their own financial gain.”

China has also restricted research into vulnerabilities in widely used software and hardware that could potentially benefit government surveillance, counterintelligence and cyberespionage campaigns. Last week, it announced a new policy that requires Chinese security researchers to notify the government within two days when they find vulnerabilities, such as the “zero days” that the country relied on to breach Microsoft Exchange systems.

The policy is the culmination of Beijing’s five-year campaign to accumulate its own zero-days. In 2016, authorities launched China’s best-known private platform for zero-days and arrested its founder. Two years later, Chinese police announced that they would begin enforcing laws prohibiting “unauthorized disclosure” of security vulnerabilities. In the same year, Chinese hackers who were regulars at major Western hacking conferences stopped appearing, by order of the state.

“The intelligence communities will benefit if they continue to maintain this level of access with the control they have,” Kurtz said of China. “An arms race in cyberspace.”

