Turned into the number one cyber threat: How does China use sophisticated stealth attacks against the United States?


Over the past decade, China has reorganized its hacking operations, turning into a sophisticated and mature adversary, according to a New York Times report.
Nearly a decade ago, the United States began accusing China of cyber espionage attacks, the bulk of which were carried out using low-level phishing emails against American companies to steal intellectual property.
 

Last week, the United States again accused China of launching cyber attacks, but those attacks were very aggressive, revealing that China had turned into a more sophisticated and mature digital adversary than the one that stunned American officials a decade ago.
Writer Nikolai Billroth says, in a report published by the New York Times, that the indictment brought by US President Joe Biden's administration over the cyberattacks, along with interviews with dozens of current and former US officials, shows that China reorganized its hacking operations during this period.
 
While it previously carried out relatively uncomplicated hacks of foreign companies, research centers and government agencies, China now carries out "decentralized" and "stealth" digital attacks - difficult to track and prove their source - on US companies and interests around the world.
 
The hacks, conducted via bluntly worded emails, are carried out by Chinese People's Liberation Army units and by a network of intermediaries located in front companies and universities operating under the direction of China's Ministry of State Security and the Chinese Ministry of Foreign Affairs, according to US officials.

 

While phishing attacks remain, espionage campaigns have dropped out of sight and now use advanced techniques. These techniques include exploiting unknown vulnerabilities in widely used software such as Microsoft's Exchange email service and Pulse VPN security devices, which are difficult to defend against and allow Chinese hackers to work undetected for longer periods of time.
 
"What we've seen over the past two or three years is an upward development" from China, said George Kurtz, CEO of cybersecurity firm CrowdStrike. "They operate as a high-level security intelligence department and are no longer just operators of hackers and hackers as they were in the past."
 
China has long been one of the biggest digital threats to the United States. In the 2009 National Intelligence Estimate—a consensus document of all 16 U.S. intelligence agencies—China and Russia topped the list of America's online adversaries. But China was seen as the most immediate threat because of the scale of theft of industrial trade secrets.
 
However, this threat is even more worrisome now because of China's renewed hacking operations. Moreover, the Biden administration has turned cyberattacks - including ransomware attacks - into a major diplomatic front with great powers like Russia, and US relations with China have steadily deteriorated over issues including trade and technological superiority.
 
China's hacking first came to prominence in 2010 with attacks on Google and security firm RSA, and again in 2013 with the hack of the New York Times.
These and other breaches prompted the Obama administration to bring a series of industrial trade theft indictments against Chinese People's Liberation Army hackers in 2014. A PLA unit in Shanghai, known as Unit 61398, was responsible for hundreds, some say thousands, of breaches of US companies, according to The Times.
 
In 2015, Obama officials threatened to announce sanctions during Chinese President Xi Jinping's first visit to the White House, after an aggressive breach that specifically targeted the United States' Office of Personnel Management. In that attack, Chinese hackers stole sensitive personal information, including more than 20 million fingerprints of Americans with security clearance.
 
Soon, White House officials reached an agreement under which China would stop hacking American companies and interests for its own industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials noticed a marked decrease in Chinese hacking.
 
Getting started with intellectual property hackers
After President Donald Trump took office and escalated trade disputes and other tensions with China, the hacking resumed. By 2018, US intelligence officials noticed a shift: the People's Liberation Army hackers had stood down and were replaced by agents working on the orders of the Ministry of State Security, which handles China's intelligence, security, and secret police.
 
The intellectual property hacks that benefited China's economic plans did not originate from the PLA, but from a more fluid network of front companies and contractors, including engineers who worked with some of the country's leading technology companies, according to intelligence officials and researchers.

It was not clear how exactly China worked with these loosely linked hackers. Some cybersecurity experts have speculated that the engineers were paid for “moonlighting” for the state, while others said those in the network had no choice but to do whatever the state required.
 
In 2013, a classified US National Security Agency memo said, "The exact affiliation of Chinese government entities is unknown, but their activities point to potential intelligence requirements fed by China's Ministry of State Security."
The White House last week provided further clarifications on the indictment; The United States has accused
 
 


 
According to the detailed indictment, the Chinese Ministry of State Security was behind an aggressive attack on Microsoft Exchange email systems in 2021.
 
The US Department of Justice has separately charged four Chinese nationals with coordinating the hacking of trade secrets of companies in the aerospace, defense, biopharmaceutical and other industries.
 
According to the indictments, the Chinese citizens worked from front companies, such as Hainan Xiandun, which was set up by the Ministry of State Security to give Chinese intelligence agencies a proper front.
 
The indictment included a photograph of one of the defendants, Ding Xiaoyang, an employee of Hainan Xiandun, receiving a 2018 award from the Ministry of State Security for his work overseeing the front company's hacking operations.
 
The United States has also accused Chinese universities of playing a critical role, recruiting students into front companies and managing their key business operations, such as payroll.
 
The indictment also cited "government-affiliated" Chinese hackers for launching ransomware attacks that extort millions of dollars from companies. Scrutiny of ransomware attackers until recently focused on Russia, Eastern Europe, and North Korea.
 
US Secretary of State Antony Blinken said, in a statement on Monday, that China's Ministry of State Security "has strengthened an ecosystem for criminal hackers who carry out state-sponsored activities and cybercrime for their own financial gain."
 
China has also imposed severe restrictions on research into vulnerabilities in widely used software and hardware that can benefit the country's surveillance, counterintelligence, and electronic espionage campaigns.
 
And China announced a new policy that requires Chinese security researchers to notify the state within two days when they find security holes, such as the "zero days" that the state relied on to hack Microsoft's systems.
 
This policy is the culmination of Beijing's 5-year campaign to accumulate its "zero days".
 
In 2016, the authorities abruptly shut down China's most famous "zero-days" reporting platform, arrested its founder two years later, and Chinese police announced they would begin enforcing laws banning "unauthorized disclosure" of vulnerabilities.
 
That same year, Chinese hackers - who were regular attendees at major Western hacking conferences - stopped appearing on state orders, the New York Times reported.
 
"If they continue to maintain this level of access - with the control they have - their intelligence community will benefit," said Mr. Kurtz, CEO of the cybersecurity firm, of China. "It's an arms race in the Internet."
 
 

 