Nearly a decade ago, the United States began to name and shame China for an onslaught of online espionage, much of which was conducted using low-level phishing emails against American companies for intellectual property theft.
On Monday, the United States again accused China of hacking. But these attacks are aggressive, and they reveal that China has morphed into a much more sophisticated and mature digital adversary than the one that confounded American officials a decade ago.
The Biden administration’s indictment over the cyberattacks, along with interviews with dozens of current and former US officials, shows that China has reorganized its hacking activities over the intervening years. Where the country once carried out comparatively unsophisticated attacks against foreign companies, think tanks and government agencies, China is now conducting stealthy, decentralized digital attacks on American companies and interests around the world.
Attacks once carried out through sloppy emails from People’s Liberation Army units are now carried out by an elite satellite network of contractors at front companies and universities working under the direction of China’s Ministry of State Security, according to US officials and the indictments.
While phishing attacks persist, espionage campaigns have gone underground and now use sophisticated techniques. These include exploiting “zero-days,” previously unknown security vulnerabilities in widely used software such as Microsoft’s Exchange email service and Pulse VPN security appliances, which are difficult to defend against and allow Chinese hackers to operate undetected for longer periods of time.
“What we’ve seen in the last two or three years is a new step forward for China,” said George Kurtz, chief executive officer of cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the theft operators we’ve seen in the past.”
China has long been one of the biggest digital threats facing the United States. In a classified 2009 National Intelligence Estimate, a document representing the consensus of all 16 US intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was seen as the more direct threat because of the sheer amount of its industrial and commercial theft.
That threat is now even more worrisome because China has reformed its hacking practices. Furthermore, the Biden administration has turned cyberattacks – including ransomware attacks – into a major diplomatic front with superpowers like Russia, and America’s relationship with China has worsened over issues including trade and technology.
China’s prominence in hacking first came to light in 2010 with attacks on Google and RSA, the security company, and again in 2013 with the attack on The New York Times.
In 2015, Obama administration officials threatened to greet China’s President Xi Jinping with an announcement of sanctions during his first visit to the White House, following a particularly aggressive breach of the United States Office of Personnel Management. In that attack, Chinese hackers stole sensitive personal information, including more than 20 million fingerprints, belonging to Americans who held security clearances.
White House officials soon reached an agreement under which China would stop attacking American companies and interests for its own industrial gain. In the 18 months that followed under the Obama administration, security researchers and intelligence officials observed a significant drop in Chinese hacking.
After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking continued. In 2018, US intelligence officials noted a change: People’s Liberation Army hackers were stood down and replaced by operatives working under the orders of the Ministry of State Security, China’s intelligence, security and secret police agency.
According to intelligence officials and researchers, the intellectual property attacks that benefit China’s economic plans do not originate in the PLA, but rather in a loose network of front companies and contractors, including engineers who work for some of the country’s top technology companies.
It is unclear exactly how China works with these loosely affiliated hackers. Some cybersecurity experts speculate that the engineers are paid by the state, while others say those in the network have no choice but to do whatever the state requests. In 2013, a top-secret memo from the US National Security Agency said, “Exact affiliations with Chinese government entities are not known, but their activities suggest a possible intelligence request feed from China’s Ministry of State Security.”
On Monday, the White House provided more clarity. In its detailed indictment, the United States accused China’s Ministry of State Security of being behind an active attack on Microsoft’s Exchange email system this year.
The Justice Department separately indicted four Chinese nationals for coordinating the theft of trade secrets from companies in the aviation, defense, biopharmaceutical and other industries.
According to the indictment, the Chinese nationals operated from front companies, such as Hainan Xiandun, set up by the Ministry of State Security to give Chinese intelligence agencies plausible deniability. The indictment includes a photo of one defendant, Ding Xiaoyang, an employee of Hainan Xiandun, who received a 2018 award from the Ministry of State Security for his work overseeing the front company’s attacks.
The United States also accuses Chinese universities of playing an important role, recruiting students for the front companies and handling their key business functions, such as payroll.
The indictment also points out that Chinese hackers “linked to the government” carried out ransomware attacks that extorted millions of dollars from companies. Scrutiny of ransomware attackers has previously focused mostly on Russia, Eastern Europe and North Korea.
Secretary of State Antony J. Blinken said in a statement on Monday that China’s Ministry of State Security “has nurtured an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
China also restricts research into vulnerabilities in widely used software and hardware that could benefit state surveillance, counterintelligence and cyber-espionage campaigns. Last week, it announced a new policy that requires Chinese security researchers to notify the state within two days when they find security vulnerabilities, such as the “zero-days” the country relied on in the breach of Microsoft’s Exchange system.
The policy is the culmination of Beijing’s five-year campaign to hoard its own zero days. In 2016, authorities abruptly shut down China’s most famous private platform for reporting zero-days and arrested its founder. Two years later, Chinese police announced they would begin enforcing a law banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at major Western hacking conferences, stopped showing up, by order of the state.
“If they continue to maintain this level of access, with the control they have, their intelligence community will benefit,” Kurtz said of China. “It’s an arms race in cyberspace.”