China’s Cyber War

The U.S., the European Union, the United Kingdom, and NATO have banded together to expose and condemn China’s malicious cyber activities.

The information is not completely new. In 2020, CPO Magazine reported that Beijing’s computer attack teams “are among the world’s oldest, most skilled and most active agents of cyber espionage. As respected as these groups already are as threats, a new report from BlackBerry indicates that their reach and capability may be even greater than previously thought. The report outlines a coordinated campaign by five of these groups that dates back at least eight years. The groups have been exploiting underlooked remote access vulnerabilities in Linux servers, using these as a launch point for malware attacks against Windows systems and Android devices…”

Beijing has dedicated ample military resources to its hacking enterprise. The People’s Liberation Army’s Unit 61398 is a full-time computer hacking center.

According to a White House release, “The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security.”

Washington is deeply concerned that China has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit. As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC Ministry of State Security (MSS) have engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.

In some cases, the White House notes, PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars. The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.

U.S. Cybersecurity and Infrastructure Security Agency analysis found that the Chinese government engages in malicious cyber activities to pursue its national interests. Malicious cyber activities attributed to the Chinese government target U.S. industries and organizations including healthcare, financial services, defense industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace), communications, IT (including managed service providers), international trade, education, video gaming, faith-based organizations, and even law firms. China is conducting operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations, including organizations involved in healthcare, pharmaceutical, and research sectors working on COVID-19 response.

The U.S. Office of the Director of National Intelligence notes that “China presents a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat.” The Assessment states that “China can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.” Additionally, the Assessment states that “China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.”

In July, NATO’s North Atlantic Council expressed concern that “cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent. This has been recently illustrated by ransomware incidents and other malicious cyber activity, targeting our critical infrastructure and democratic institutions, as well as exploiting weaknesses in hardware and software supply chains.”

The Alliance attributed the recent Microsoft Exchange Server compromise to China.


Frank Vernuccio serves as editor-in-chief of the New York Analysis of Policy and Government
