What we know about China’s alleged state-backed hacking
By Peter CATTERALL
Beijing (AFP) Feb 1, 2024
The United States has said it successfully dismantled a China-based hacking network known as “Volt Typhoon”, accusing it of infiltrating critical US infrastructure networks with the goal of disabling them in the event of conflict.
The group — active since 2021 — is allegedly primed to cripple sectors spanning communications, transportation and government.
The FBI has said that China has the biggest hacking program of any country.
Beijing has dismissed the claims as “groundless” — and pointed to the United States’ own history of cyber espionage.
Here’s what we know about Beijing’s hacking operations:
– ‘Persistent threat’ –
Washington has warned that China represents “the broadest, most active, and persistent cyber espionage threat” to its government and private sector.
Its hackers have become adept in recent years at breaking into rival nations’ digital systems to gather trade secrets, according to researchers and Western intelligence officials.
In 2021, the United States, NATO and other allies said China had employed “contract hackers” to exploit a breach in Microsoft email systems, giving state security agents access to sensitive information.
Chinese spies have also hacked the US energy department, utility companies, telecommunications firms and universities, according to US government statements and media reports.
Beijing has been linked to 90 cyber espionage campaigns since the turn of the century — 30 percent more than its close partner Russia, Benjamin Jensen, senior fellow at the Center for Strategic and International Studies, told Congress last year.
– Striking infrastructure –
Microsoft said last May that it had detected a campaign by China-backed Volt Typhoon against critical US infrastructure.
“Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft said, adding that the goal was to be able to disrupt communications infrastructure in the United States and Asia during crises.
In November, the company said Volt Typhoon was trying to improve its methods and had added universities to its target list.
US authorities said they removed the group’s malware from compromised US-based routers.
Volt Typhoon appeared to be a highly sophisticated operation that could originate from a “specialised cyber intrusion contractor”, Matthew Brazil, a Senior Fellow at The Jamestown Foundation and a former US diplomat, told AFP.
Wednesday’s announcement could mean the United States directly immobilised the hackers at the source, Brazil said, though that remains unclear.
“If so, the stakes seem to be rising… with China deciding to prepare for war by engaging in these aggressive actions and the US taking off the gloves and disabling that capability,” he added.
Intelligence agency bosses from the Five Eyes — an information-sharing alliance of major English-speaking countries — met in October for the first time ever and for one reason: China.
Mike Burgess, head of the Australian Security Intelligence Organisation, told the gathering that the meeting would focus on “behaviour that goes well beyond traditional espionage”.
His UK counterpart said his country was monitoring “massive amounts” of Chinese cyber activity every week.
– ‘Biggest hacking empire’ –
The United States has its own ways of spying on China, deploying surveillance, interception techniques, and networks of informants.
And Washington’s own forays into cyber warfare, online surveillance and hacking are well-documented.
Beijing points to these examples when attention turns to its cyber-attacks, accusing Washington of being the “world’s biggest hacking empire”.
It flatly denies allegations that it engages in state-organised hacking operations of overseas targets, dismissing Microsoft’s report from last May as “extremely unprofessional”.
Last July, public security officials in Wuhan said they had discovered a cyberattack on the central city’s earthquake monitoring centre, which they said originated in the United States.
Chinese foreign ministry spokeswoman Mao Ning said at the time that the attack represented a grave threat to the country’s national security.
“The US government is engaged in malicious cyber operations against not just China… while blaming China for so-called ‘hacking attacks’,” Mao said.