Since the beginning of 2022, China’s Ministry of Foreign Affairs and the country’s cybersecurity companies have been publicizing more and more allegations of US cyber espionage.
By Miltos Sakellaris
For at least the last decade, a large number of American cybersecurity officials and companies have named a series of hackers who operated on behalf of the Chinese government. According to their official reports, most of these hackers have stolen huge amounts of company data, destroyed security networks and broken codes.
U.S. officials may have been “hunting” for “ghosts” for many years, accusing China several times of “suspicious” involvement, but it seems that Beijing is now going on the counterattack. Since the beginning of 2022, China’s Ministry of Foreign Affairs and the country’s cybersecurity companies have been spreading more and more rumors of alleged US cyber espionage. Until now, such allegations have been rare, but that is changing. According to international analysts, these allegations are unfounded, as the Chinese side bases them on older technical details without giving further details.
“These are useful materials for China’s propaganda campaigns when confronted with accusations of Chinese cyber espionage activities,” said Che Chang, a cyber threat analyst at cybersecurity company TeamT5 based in Taiwan.
China’s accusations, as security journalist Catalin Cimpanu has pointed out, all follow a very similar pattern. On February 23, the Chinese security company Pangu Lab published allegations that the elite hackers of the Equation Team of the US National Security Agency used a backdoor, called Bvp47, to monitor 45 countries. The Global Times, a tabloid newspaper owned by China’s state-controlled media, published an exclusive report on the investigation. Weeks later, on March 14, the newspaper had a second exclusive news story about another NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. One week later, Chinese cybersecurity company Qihoo 360 claimed that American hackers had attacked Chinese companies and organizations. And on April 19, the Global Times reported further findings by the National Computer Virus Emergency Response Center on HIVE, malware developed by the CIA.
The reports are accompanied by a flurry of statements, often in response to questions from the media, from representatives of the Ministry of Foreign Affairs of China. “China is seriously concerned about the irresponsible malicious activities of the US government,” State Department spokeswoman Wang Wenbin said in April after one of the announcements. “We urge the American side to explain itself and to immediately stop such malicious activities,” he continued. During the first nine days of May, State Department officials commented on US cyber activities at least three times.
While government-sponsored hacking is often shrouded in secrecy, many hacking tools developed by the US are no longer secret. In 2017, WikiLeaks published 9,000 documents in the Vault7 leaks, which describe many of the CIA’s tools in detail. A year earlier, the mysterious hacking group “Shadow Brokers” stole data from one of the elite hacking teams of the NSA and slowly released it to the world. The Shadow Brokers leaks included dozens of exploits and new zero-days, including the EternalBlue hacking tool, which has since been used repeatedly in some of the biggest cyber attacks.
Many of the details in the Shadow Brokers leaks match NSA details leaked by Edward Snowden in 2013. (An NSA spokesman said he “has no comment” on this story; the agency usually does not comment on its activities.)
Ben Read, director of cyber espionage analysis at US cybersecurity firm Mandiant, says China’s state media push on alleged US hacking appears to be consistent, but contains mostly older information. “Everything I’ve seen written has been linked to the United States through either the Snowden leaks or the Shadow Brokers,” says Read.
Pangu Lab’s February report on Bvp47 – the only post on its website – says it first discovered the details in 2013, but compiled them after the Shadow Brokers leak in 2017. “The report was based on a decade of malware and the key decryption is the same as on WikiLeaks,” says Che. HIVE and NOPEN details have also been available for years. Neither Pangu Lab nor Qihoo 360, which has been on the US government’s sanctions list since 2020, has responded to requests for comment on their research or methodology. A Pangu spokesman said earlier that he had recently released the old details and that it took a long time to analyze the data.
Megha Pardhi, a researcher from China at the Takshashila Institute, an Indian think tank, says the posts and subsequent comments from officials can serve multiple purposes. Internally, China can use them for propaganda and to send a message to the US that it has the capability to carry out cyber activity. But beyond that, there is a warning to other countries, says Pardhi. “The message is that even though you are an ally of the United States, you will be persecuted.”
“We oppose and legally combat all forms of cyber espionage and attacks,” said Liu Pengyu, a spokesman for the Chinese embassy in the United States.
However, China is widely regarded as one of the most sophisticated and active state actors in cyberspace, involved in espionage, hacking and data collection. Western officials see the country as the biggest threat in cyberspace, ahead of Russia, Iran and North Korea.