Are We At (Cyber) War With China?
On July 6th, the heads of the FBI and MI5 met in London to deliver an unprecedented joint warning regarding China's "game changing" cyber offensives.
As FBI director Jonathan Wray put it, “The Chinese government poses the biggest long-term threat to our economic and national security.” This not only includes attacks against the government and security sectors, but more frequently cases of intellectual property theft on a grand scale.
For example, Wray cites cases of Chinese state-backed actors digging up genetically modified seeds from rural American farms, saving them billions of dollars and decades spent on development.
For his part, MI5 chief Ken McCallum claimed that Britain’s “most game changing challenge comes from the Chinese Communist Party. It’s covertly applying pressure across the globe. This might feel abstract but it’s real and it’s immense.” His agency has already doubled its efforts over the past three years to counter Chinese threats and plans to double them once more.
While it’s reasonable to assume that this is simply a case of political maneuvering – particularly as the global community leans into an economic nosedive – it is nonetheless far from inaccurate.
Hitting the Jackpot
Beginning with the obvious, last spring’s Microsoft Exchange Server attack was one of the largest hacks in history, compromising a wide range of government agencies, academic institutions, NGOs, and business entities in multiple industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical.
As we reported at the time, an autopsy by Microsoft and law enforcement agencies quickly determined with a high degree of certainty that the attack was performed by HAFNIUM, a state-sponsored Chinese group.
Similarly, a US federal grand jury found four members of China’s military responsible for the 2017 Equifax hack which exposed PII on over 145 million Americans, making it, in the words of the official FBI account, "one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded."
These attacks demonstrate that the Chinese Communist Party is not only capable of infiltrating targets at the highest levels, but is more than willing to do so, with seemingly little backlash.
Intellectual Property Theft
The scale of Chinese IP theft has been a Western pet peeve for decades. More than anything else, it helped pave the way for the crushing sanctions that President Trump’s leveled against China in 2017, and only seems to have gotten worse since.
McCallum singled out the British engineering firm, Smith’s Harlow, that was recently forced into bankruptcy after a disingenuous offer by a Chinese company led to their technology being taken from them before the deal was then “called off.” Similarly, a company that served as a front for Chinese intelligence spent the last few years contacting British aviation experts online to offer them lucrative job, in an attempt to milk them for technical information concerning military aircraft.
While these cases are far from unique (it’s no secret that IP theft has run rampant in China for decades and has been key to their economic expansion), there had been some hope amongst international experts that as China’s own capabilities matured, they would gradually begin enforcing international IP and copyright laws. Clearly, this has not been the case.
In May of this year, the US and allies announced that they’d disrupted a sophisticated Chinese effort to compromise global telecoms and aviation services. In July, the Belgian Minister for Foreign Affairs announced that multiple state-sponsored Chinese groups had breached their defense and interior ministries, "significantly affecting our sovereignty, democracy, security and society at large."
Increasingly, highly sophisticated and sensitive IP is being carefully harvested by both state-sponsored and private groups for commercial and political use.
The Chinese Response?
Chinese Foreign Ministry spokesman Zhao Lijian was quick to issue a scathing rebuke, denying all the allegations as a western conspiracy:
“The remarks made are nothing but a rehash of political lies. China is firmly opposed to such remarks by the US side. The US is playing up the “China threat” theory in order to smear, oppress and contain China’s development. This fully exposes the deeply-entrenched Cold War mentality and ideological bias of the US side. Speaking of acting aggressively, in this region and beyond, the US is second to none.”
No matter whose side you take, however, this is a good reminder to invest in securing your organization, and contribute to the safety and security of your employees, customers, and stakeholders.
Bolstering your company against incoming threats is not as difficult as it may sound.
Like most hackers, China relies heavily on Common Vulnerabilities and Exposures (CVEs) to gain entry. CVEs are widely known and documented vulnerabilities which usually have a patch available. Accordingly, applying patches as soon as they are released will disrupt most attacks. Implementing a centralized patch management system can help automate and expedite this process. Attack Surface Management platforms like Quantum Armor offer a suite of vulnerability detection capabilities, and can detect any CVEs as soon as they appear in your network.
In addition, it is always good security hygiene to have unnecessary ports and protocols disabled. This will limit your attack surface exponentially, and immediately shut down many attack vectors.
Finally, research shows that enforcing multi-factor authentication across the organization is the single most effective cybersecurity measure available. In cases where MFA is unavailable, ensure that password complexity protocols are in place, and that sensitive credentials are updated regularly.
For a full list of CISA Alerts and Advisories related to China, visit: https://www.cisa.gov/uscert/china
Learn more about how Quantum Armor can help you stay safe for less. Sign up for a 30-day free trial and test-drive our platform 100% risk-free!
Rating Russia's Cyber Warfare Capabilities
Does Crypto Need a Cybersecurity Refresh?
How the Dark Web Can Protect Your Company
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.