“Our government is right: companies really need to pay more attention,” said Lou Steinberg, former CTO at TD Ameritrade.
In recent years, the threat from Russia has been the focus of much cybersecurity attention and investment by businesses in the U.S. and Western Europe, particularly after Russia invaded Ukraine in February. Understandably, the threat of ransomware and of disruption to critical infrastructure has driven that response.
But in terms of state-sponsored attacks, China was behind a staggering 67 percent of attacks between mid-2020 and mid-2021, compared with just 1 percent for the Russian government, according to data from CrowdStrike.
According to Tom Hegel, senior threat researcher at SentinelOne, China is “no doubt the number one threat, at least to the US.”
In July, the FBI and MI5 issued an unprecedented joint warning about the threat of IP theft by China. In a speech to business leaders in London, FBI Director Christopher Wray said China’s hacking program “is bigger than any other major country’s” and that the Chinese government is “going to steal your technology — whatever it is that makes your industry tick.”
“The Chinese government poses a more serious threat to Western businesses than even many sophisticated businessmen realize,” Wray said.
In his three years as a researcher at SecureWorks, Marc Burnard has seen Chinese government hackers go after clients in chemical manufacturing, aviation, telecommunications and pharmaceuticals, just to name a few.
“It’s hard to pinpoint what the key sectors are for China, because they target so many,” Burnard said. It is a breadth of targeting that far exceeds anything seen from Iran, North Korea or Russia.
Nicolas Chaillan, former US Air Force chief software officer, said that since 2011 China has fielded fighter jets of the same design as the F-35. Documents leaked by former NSA contractor Edward Snowden appear to confirm that Chinese government hackers stole information on the F-35 Lightning II, which is believed to have been used in the design of Chinese jets including the J-31 and J-20.
Chaillan, who resigned in protest over the lack of progress on military IT reforms in the face of the threat from China, said the recent FBI warning about China was telling. “It’s asking a lot for the government to start saying things like this,” he told Protocol. “That usually gives you a clue that it’s really, really bad.”
Wray has made several public comments on China’s cyber threat this year. In a January speech, he said the FBI had 2,000 open investigations related to the Chinese government’s attempted theft of technology and data. The FBI said at the time that it was opening a new case involving Chinese intelligence every 12 hours.
In July 2021, the White House, along with the European Union, the United Kingdom and NATO, condemned the Chinese government for its “pattern of malicious cyber activity”. The move made it clear that the Biden administration believes China is ignoring a 2015 agreement to end hacking activities aimed at stealing the IP of US businesses.
Major incidents include the Chinese government’s exploitation of a vulnerability in Microsoft Exchange in 2021, which led to the compromise of the networks of 10,000 US companies, Wray said in January.
“The key to analyzing China’s cyber threat is to understand the larger context of why China is targeting Western IP,” said Michael Daniel, former cybersecurity coordinator and special assistant to the president during the Obama administration.
“China is fundamentally a country that sees itself as challenging the West and challenging the world order that the Western European system has built,” Daniel said.
A central part of that ambition is challenging the West economically, but China has a tendency to take shortcuts, experts say.
China’s alternative priorities
The Chinese government launched the “Made in China 2025” strategy in 2015, which identifies the industries it deems most important. The document is central to understanding the Chinese government’s IP theft efforts, said Daniel, who is now president and CEO of the Cyber Threat Alliance, an industry group.
“If your company is in one of the industries identified in that strategy, you are a target for Chinese intelligence,” he said. “It’s that simple, really.”
Some of the industries that currently face the greatest threat from Chinese IP theft, such as energy, aerospace and defense technology, and quantum computing, are already well aware of it, says Steinberg, now founder of cybersecurity research lab CTM Insights.
But other industries should be paying more attention than they are, he said. These include the AI/robotics, agricultural technology and electric vehicle sectors, all among the industries named in the “Made in China 2025” plan.
“If you’re on their list, they have an army of skilled people trying to figure out how to get your intellectual property,” Steinberg said.
Christian Sorensen, a former US Cyber Command official and US Air Force officer, said there has been a clear shift in China’s IP theft priorities, from a traditional focus on defense-related technologies such as F-35 designs to a broader one that includes the technology and biotech sectors. For example, in mid-2020 the US accused Chinese government hackers of trying to steal data from Covid-19 vaccine developer Moderna.
But Sorensen, founder and CEO of cybersecurity vendor SightGain, said such threats can be harder to prioritize for security teams that are already overburdened.
“Everybody pays attention to what’s right in front of them,” he said. “Our intellectual property is flying out of our borders, which is a serious strategic threat. But it’s not always a front-line threat.”
That was especially true in 2022, the year of “Shields Up”.
Documents leaked by former NSA contractor Edward Snowden appear to confirm that Chinese government hackers stole data from the US F-35 Lightning II.
Photo: Robert Atanasovsky/AFP via Getty Images
Following the invasion of Ukraine, there was widespread speculation that the US and other allies of Ukraine would be subjected to Russian cyberattacks. So far, there have been no major retaliatory attacks from Russia, although experts believe such Russian escalation could still come by the end of this year, depending on how events play out with Ukraine and sanctions.
America’s focus on its cyber adversaries tends to be cyclical, experts say. Even before the war in Ukraine, Russian threat actors had been constantly in the spotlight, from the SolarWinds breach by Russian intelligence in 2020 to the Colonial Pipeline and Kaseya ransomware attacks by Russia-based cybercriminals in 2021.
If China sought to deter aid to Taiwan, it is not out of the question that it could pursue similar cyberattacks in the US and Western Europe in the future, Daniel said. China is believed to have sought the ability to strike critical infrastructure in such a situation.
So far, however, China’s cyber activity has been “almost entirely covert cyber espionage campaigns,” said Josephine Wolff, an associate professor of cybersecurity policy at Tufts University.
While Russian cyberattacks are often intended to create noise and chaos, Wolff said, China’s attacks are “intended to be stealthy. They don’t want anyone to know it’s them.”
US-China tensions rose on Tuesday when House Speaker Nancy Pelosi visited Taiwan. Mandiant’s John Hultquist said in a statement that China “conducts significant cyber espionage against Taiwanese and US targets” in connection with the situation.
In particular, the Chinese government is highly effective at organizing hacking operations, SentinelOne’s Hegel said. “It’s a well-oiled machine for mass espionage.”
While China’s hacking program does not often carry out technically sophisticated attacks, its scale and persistence allow it to succeed in the long term, he said.
But since China’s objective differs from Russia’s, “you have to defend yourself [in] a completely different way,” said CTM Insights’ Steinberg.
The go-to technologies in these situations are data loss prevention, data leak detection and deception technologies, he said. Rather than expecting to prevent every intrusion, the key to stopping IP theft is: “Can you catch it while it’s happening and shut it down?”
Businesses should focus on implementing specific protections on the systems that host IP, said Burnard, senior consultant for information security research at SecureWorks. This could include network segmentation and improved monitoring of those systems, he said.
One way Chinese hackers are improving can be seen in their methods of gaining initial access to corporate systems, experts say. In recent years, Chinese attackers have been seen exploiting vulnerabilities rather than relying solely on phishing, said Kevin Gonzalez, director of security at cybersecurity vendor Anvilogic.
China-based attackers exploited a dozen vulnerabilities published in 2021, more than twice as many as the year before, according to CrowdStrike, making the Chinese government a “vulnerability exploitation leader” in that kind of activity.
The threat actors have demonstrated the capability to exploit previously unknown, zero-day vulnerabilities, Hegel said.
In addition, Chinese government hackers are now scanning for vulnerabilities “as they emerge”, as in the case of Log4Shell, the flaw in the widely used Apache Log4j software discovered in December 2021. The Chinese government has reportedly punished Chinese tech giant Alibaba for notifying the developers behind Log4j of the flaw before telling the government.
China has also used more innovative techniques, such as software supply chain attacks. The 2017 CCleaner compromise and the attack on Asus’ Live Update utility are among the notable cases.
Still, while China’s focus on IP theft means some defenses differ from those needed to stop ransomware, there are plenty of countermeasures that protect against both Russian- and Chinese-style threats, experts said.
Adam Meyers, senior vice president of intelligence at CrowdStrike, said a focus on strong security hygiene, vulnerability and patch management, identity verification and a zero-trust architecture will go a long way toward protecting against attacks from any country.
“Threat hunting is a worthwhile investment, regardless of whether you’re concerned about threats from Russia, China or anywhere else,” Meyers said. “You have to be there to look for these threats, because the enemy is constantly moving.”
But hacking is not the only cyber threat that China poses to the US and the West, experts say. Samuel Visner, a longtime cybersecurity executive and former NSA official who currently works as a technical fellow at MITRE, said it might not even be the most challenging one.
The tough question, Visner says, is how to respond to China’s push to build a “digital silk road” in many parts of the world using exported Chinese IT infrastructure. The technology is believed to facilitate the surveillance of citizens. Ultimately, the fear is that the Digital Silk Road could be used to feed information about Americans or Europeans in those countries back to the Chinese government, he said.
“That’s also a security challenge,” Visner said of this broader definition of cybersecurity.