China News: Inside the vast Chinese hacker network and how it became a leading cyber threat to the United States
On Monday, the United States again accused China of cyberattacks. But these attacks were very aggressive and reveal that China has turned into a much more sophisticated and mature digital adversary than the one that baffled US officials ten years ago.
The Biden administration’s indictment over the cyberattacks, along with interviews with dozens of current and former US officials, shows that China has overhauled its hacking operations in the years since. Where it once carried out relatively unsophisticated hacks of foreign companies, think tanks, and government agencies, China is now conducting stealthy, decentralized digital attacks against US businesses and interests around the world, according to US officials and the indictments.
While phishing attacks persist, espionage campaigns have become more covert and employ sophisticated techniques. These include the exploitation of “zero days”, previously unknown security vulnerabilities in widely used software such as Microsoft’s Exchange mail service and Pulse VPN security devices, which are harder to defend against and allow Chinese hackers to operate undetected for longer periods of time.
“What we’ve seen over the past two or three years is a move upmarket” from China, said George Kurtz, CEO of cybersecurity firm CrowdStrike. “They function more like a professional intelligence service than the smash-and-grab operators we’ve seen in the past.”
China has long been one of the biggest digital threats to the United States. In a classified 2009 National Intelligence Estimate, a document that represents the consensus of 16 U.S. intelligence agencies, China and Russia topped the list of U.S. online adversaries. But China was seen as the more immediate threat because of the volume of its industrial trade theft.
But that threat is even more troubling now due to China’s reorganization of its hacking operations. Additionally, the Biden administration has turned cyberattacks – including ransomware attacks – into a major diplomatic front with superpowers like Russia, and the United States’ relationship with China has steadily deteriorated on issues such as commerce and technological supremacy.
China’s prominence in hacking first became apparent in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of the New York Times.
These breaches, and thousands more, prompted the Obama administration to call out China’s People’s Liberation Army hackers in a series of industrial trade theft indictments in 2014, covering an estimated several thousand breaches of US companies, the Times reported.
In 2015, Obama officials threatened to greet Chinese President Xi Jinping with a sanctions announcement during his first visit to the White House, after a particularly aggressive breach of the US Office of Personnel Management. In that attack, Chinese hackers stole sensitive personal information, including more than 20 million fingerprints, from Americans who had obtained security clearances.
White House officials quickly struck a deal under which China would stop hacking American businesses and interests for its own industrial benefit. For 18 months under the Obama administration, security researchers and intelligence officials observed a noticeable drop in Chinese hacking.
After President Donald Trump took office and trade disputes and other tensions with China escalated, the hacking resumed. In 2018, US intelligence officials noted a change: People’s Liberation Army hackers withdrew and were replaced by operators working at the behest of the Ministry of State Security, which oversees China’s intelligence, security and secret police operations.
The intellectual property hacks, which have benefited China’s economic plans, do not come from the PLA but from a looser network of shell companies and entrepreneurs, including engineers who have worked for some of the major technology companies in the country, according to intelligence officials and researchers.
It was not clear exactly how China worked with these loosely affiliated hackers. Some cybersecurity experts have speculated that the engineers moonlight for the state in exchange for cash, while others have said network members have no choice but to do whatever the state asks. In 2013, a classified note from the United States National Security Agency stated: “The exact affiliation with Chinese government entities is not known, but their activities indicate a likely need for intelligence from the Chinese Ministry of State Security”.
On Monday, the White House provided more clarity. In its detailed indictment, the United States accused China’s State Security Ministry of being behind an aggressive attack on Microsoft’s Exchange messaging systems this year.
The Justice Department has separately indicted four Chinese nationals for coordinating the theft of trade secrets from companies in the aviation, defense, biopharmaceutical and other industries.
According to the indictments, the Chinese nationals were operating out of shell companies, such as Hainan Xiandun, which the Ministry of State Security set up to give Chinese intelligence agencies plausible deniability. The indictment included a photo of one defendant, Ding Xiaoyang, an employee of Hainan Xiandun, receiving a 2018 award from the Ministry of State Security for his work overseeing the shell company’s hacks.
The United States has also accused Chinese universities of playing a vital role, recruiting students for shell companies and managing their main business operations, such as payroll.
The indictment also named Chinese hackers “affiliated with the government” as carrying out ransomware attacks that extorted millions of dollars from companies. Scrutiny of ransomware attackers had previously focused largely on Russia, Eastern Europe, and North Korea.
Secretary of State Antony Blinken said in a statement Monday that China’s Ministry of State Security “has fostered an ecosystem of criminal hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”.
China has also cracked down on research into vulnerabilities in widely used software and hardware, research that could potentially benefit the state’s surveillance, counterintelligence and cyberespionage campaigns. Last week, it announced a new policy requiring Chinese security researchers to notify the state within two days of discovering security flaws, such as the “zero days” the country relied on to breach Microsoft Exchange systems.
This policy is the culmination of Beijing’s five-year campaign to accumulate its own zero-days. In 2016, authorities abruptly shut down China’s best-known private platform for zero-day reporting and arrested its founder. Two years later, Chinese police announced that they would begin enforcing laws prohibiting the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who had regularly attended major Western hacking conventions, stopped showing up, by order of the state.
“If they continue to maintain that level of access, with the control they have, their intelligence community will benefit,” Kurtz said of China. “It’s an arms race in cyber.”