Chinese state-sponsored hacking is at record levels, Western experts say, accusing Beijing of engaging in a low-level form of warfare that is escalating despite political efforts by the United States, Britain and others to stop it.
There are also allegations that the underground activity, which focuses on the theft of intellectual property, has become more open and reckless, although Beijing consistently denies sponsoring the hacking and accuses critics of hypocrisy.
Jamie Collier, a consultant for Mandiant, a cybersecurity firm whose work is often cited by intelligence agencies, said the level of hacking that emerged from China in 2021 was “a more serious type of threat than we anticipated.”
That culminated in July when the US, the EU, NATO, the UK and four other countries accused Beijing of being behind a massive exploitation in March of vulnerabilities in Microsoft’s Exchange server software, which is widely used by companies. In some cases they blamed the Chinese Ministry of State Security (MSS) for directing the activity.
It affected some 250,000 organizations worldwide, allowing hackers in a group that Microsoft has called Hafnium to divert company emails for espionage, with the help of an easy-to-use “web shell” tool that allows anyone with the correct password to access a compromised Exchange server.
Once Microsoft was publicly alerted to the activity, the attacks rapidly escalated against organizations that had not patched Exchange. Criminals, now aware of what was happening, were able to exploit the web shells, and in some cases the shells were booby-trapped to trigger if removed – a blatant aspect of the hacking that surprised experts.
Ciaran Martin, executive director of the UK’s National Cyber Security Center until last year, said: “What you saw here was sheer recklessness. Hafnium’s attack on Exchange was in stark contrast to Russia’s exploitation of SolarWinds software for espionage purposes.
“In that case, there was no collateral damage, but as for Hafnium, when they realized they had been caught, the hackers set the software into a trap on their way out.”
China, however, consistently denies involvement in hacking despite attempts by the United States and others to shame it. In July, the country’s Foreign Ministry accused Washington of “allying itself with its allies” and engaging in “politically motivated defamation and repression.”
It said the United States was “the largest source of cyberattacks in the world,” which underlies the lack of agreement on the issue and touches on a genuine source of frustration in Beijing: that the United States and other Western allies have long been involved in traditional political espionage against countries like it.
However, it wasn’t meant to be: In September 2015, Presidents Barack Obama and Xi Jinping jointly announced a cybersecurity agreement.
“Neither government will knowingly participate in or support the theft of intellectual property online,” Xi said during a visit to the White House, following similar language from Obama. A month later, an almost identical agreement was signed between the United Kingdom and China.
At first, the deal had a chilling effect, at least on the Chinese side, and reports of hacking emanating from the country dropped sharply from what experts describe as “loud and loud” attempts to steal intellectual property in the past.
But the situation changed after the election of Donald Trump in 2016, who adopted a more openly combative tone towards Beijing. Meanwhile, China reorganized its hacking activities, removing the global operations of the People’s Liberation Army and shifting them to the MSS.
In the West, the penny dropped slowly as security agencies began to understand the impact of Operation Cloud Hopper, the name given to a sophisticated spy campaign carried out against third-party IT service providers, with the aim of infiltrating them to steal secrets from a wide range of companies such as Swedish telecommunications equipment manufacturer Ericsson.
The campaign may have unfolded during the 2010s, but by 2017 it had become increasingly visible to Western intelligence, revealing, as Martin observed, that “it was clear that with the deterioration of Sino-US relations, China no longer felt bound by the Obama deal.”
A year later, in December 2018, the US and the UK named a Chinese group known as APT10 or Stone Panda as responsible for the Cloud Hopper hack. It was the first time the British accused the Chinese government of being responsible for a cyber campaign, saying that the MSS was directing or operating behind the hackers.
“In the past, Chinese groups were very sensitive to accusations, naming and the shame of public attribution,” Collier said. “Indeed, when the governments called them, it was seen relatively quickly after those things happened, the activity decreased. But what we are seeing is that this is no longer the case.”
Industrial espionage efforts by Chinese actors often closely follow the targets announced in Beijing’s five-year plans, Collier added, although British intelligence agencies and others said there was a notable and unsurprising shift in approach to targeting the secrets of vaccine development in the initial stage of the pandemic.
Another common tactic is posing as recruiters on LinkedIn. A typical profile is that of a woman trying to entice officials and executives from key industries to reveal more about their jobs in exchange for what turns out to be a bogus job offer.
Britain’s national spy agency MI5 estimated that 10,000 people had been targeted over the past five years, and said in April that the activity was taking place on an “industrial scale.” The spy chiefs did not directly blame Beijing, but the opinion of Five Eyes intelligence agencies is that this technique is dominated by Chinese actors.
The rhetoric continues to mount. General Patrick Sanders, Britain’s highest-ranking cyber general and the head of the strategic command, last week accused both China and Russia by name of participating in “the expansion of the war into the new realms of space and cyber” in a speech to a UK defense industry conference.
It was, the general argued, part of a broader ideological struggle that amounts to “an approach that seeks to win without fighting,” a far cry, in effect, from the rhetoric of Internet cooperation adopted six years ago.
George is Digismak’s reporter cum editor with 13 years of experience in journalism.