Almost ten years ago, the United States began publicly naming and blaming China for online espionage, carried out largely through unsophisticated phishing emails against US companies to steal intellectual property.
On Monday, the US again blamed China for cyber attacks. But these attacks were far more aggressive, and they reveal that China has become a much more sophisticated and mature digital adversary than the one that baffled US officials ten years ago.
The Biden administration’s indictment of the cyber attacks, as well as interviews with dozens of current and former U.S. officials, show that China has revamped its hacking operations in the years since. While it once carried out relatively unsophisticated hacks of foreign companies, think tanks, and government agencies, China is now conducting stealthy, decentralized digital attacks against US businesses and interests around the world, according to US officials and the indictment.
While phishing attacks persist, espionage campaigns have gone underground and now employ sophisticated techniques. These include the exploitation of “zero days”, previously unknown security vulnerabilities in widely used software such as Microsoft’s Exchange mail service and Pulse Secure VPN appliances, which are more difficult to defend against and which allow Chinese hackers to operate undetected for longer periods of time.
“What we’ve seen over the past two or three years is a move upmarket” from China, said George Kurtz, managing director of cybersecurity firm CrowdStrike. “They function more like a professional intelligence service than the smash-and-grab operators we’ve seen in the past.”
China has long been one of the biggest digital threats to the United States. In a classified 2009 National Intelligence Estimate, a document that represents the consensus of 16 U.S. intelligence agencies, China and Russia topped the list of U.S. online adversaries. But China was seen as the more immediate threat because of the volume of its industrial and commercial theft.
But that threat is even more troubling now due to China’s reorganization of its hacking operations. Additionally, the Biden administration has turned cyber attacks – including ransomware attacks – into a major diplomatic front with superpowers like Russia, and the United States’ relationship with China has steadily deteriorated on issues such as trade and technological supremacy.
China’s prominence in hacking first became apparent in 2010 with attacks on Google and the security company RSA, and again in 2013 with a hack of The New York Times.
In 2015, Obama officials threatened to greet Chinese President Xi Jinping with a sanctions announcement during his first visit to the White House, after a particularly aggressive breach of the United States Office of Personnel Management. In that attack, Chinese hackers stole sensitive personal information, including more than 20 million fingerprints, from Americans who had obtained security clearances.
White House officials quickly struck a deal that China would stop hacking American companies and interests for industrial gain. For 18 months under the Obama administration, security researchers and intelligence officials observed a noticeable drop in Chinese hacking.
After President Donald J. Trump took office and trade disputes and other tensions with China escalated, the hacking resumed. In 2018, US intelligence officials noted a change: People’s Liberation Army hackers pulled back and were replaced by operatives working at the behest of the Ministry of State Security, which oversees China’s intelligence, security and secret police.
The intellectual-property hacks, which served China’s economic plans, did not come from the PLA but from a looser network of shell companies and contractors, including engineers who worked for some of the country’s major technology companies, according to intelligence officials and researchers.
It was not clear exactly how China worked with these loosely affiliated hackers. Some cybersecurity experts have speculated that the engineers moonlight for the state for cash, while others have said network members have no choice but to do whatever the state asks of them. In 2013, a classified memo from the United States National Security Agency stated: “The exact affiliation with Chinese government entities is not known, but their activities indicate a likely need for intelligence from the Chinese Ministry of State Security.”
On Monday, the White House provided more clarity. In its detailed indictment, the United States accused China’s Ministry of State Security of being behind an aggressive attack on Microsoft’s Exchange messaging systems this year.
The Justice Department separately indicted four Chinese nationals for coordinating the theft of trade secrets from companies in the aviation, defense, biopharmaceutical and other industries.
According to the indictments, the Chinese nationals operated from shell companies, like Hainan Xiandun, which the Ministry of State Security set up to give Chinese intelligence agencies plausible deniability. The indictment included a photo of one of the accused, Ding Xiaoyang, an employee of Hainan Xiandun, receiving a 2018 award from the Ministry of State Security for his work overseeing the shell company’s hacks.
The United States also accused Chinese universities of playing a vital role, recruiting students for the shell companies and handling their key business operations, like payroll.
The indictment also named Chinese hackers “affiliated with the government” for carrying out ransomware attacks that extorted millions of dollars from companies. Scrutiny of ransomware attackers had previously focused largely on Russia, Eastern Europe, and North Korea.
Secretary of State Antony J. Blinken said in a statement Monday that China’s Ministry of State Security “has fostered an ecosystem of criminal hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
China has also cracked down on research into vulnerabilities in widely used software and hardware, which could potentially benefit the state’s surveillance, counterintelligence and cyberespionage campaigns. Last week it announced a new policy requiring Chinese security researchers to notify the state within two days of discovering security flaws, such as the “zero days” the country relied on to breach Microsoft Exchange systems.
This policy is the culmination of Beijing’s five-year campaign to stockpile its own zero days. In 2016, authorities abruptly shut down China’s best-known private platform for reporting zero days and arrested its founder. Two years later, Chinese police announced that they would begin enforcing laws prohibiting the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers who had regularly attended major Western hacking conventions stopped appearing, by order of the state.
“If they continue to maintain this level of access, with the control they have, their intelligence community will benefit,” Kurtz said of China. “It’s an arms race in cyber.”