How Chinese hackers entered a new stage of recklessness


For years, China seemed to operate on the quieter end of the state-sponsored hacking spectrum. While Russia and North Korea carried out hack-and-leak operations, launched large-scale destructive cyberattacks, and blurred the boundaries between cybercriminals and intelligence agencies, China quietly focused on more traditional (if prolific) espionage and intellectual property theft. But today's collective message from dozens of countries calls out a shift in China's online behavior, and how the chaotic path of its main cyber intelligence agency is increasingly comparable to that of the Kim regime or the Kremlin.

On Monday, the White House, together with the British government, the European Union, NATO, and governments from Japan to Norway, issued an announcement focusing on a series of Chinese hacking operations. The U.S. Department of Justice separately indicted four Chinese hackers, three of whom are considered to be officials of China's Ministry of State Security, or MSS. The White House statement specifically blamed China's MSS for a large-scale hacking campaign that exploited vulnerabilities in Microsoft Exchange Server software to compromise thousands of organizations around the world. It also accused China's MSS of cooperating with contract organizations engaged in for-profit cybercrime, turning a blind eye to or even condoning their extracurricular activities, which include infecting victims with ransomware, using victims' machines for cryptocurrency mining, and financial theft. The statement read: “China is unwilling to solve the criminal activities of contract hackers. By losing billions of dollars in intellectual property, proprietary information, ransoms and mitigation measures, it has harmed the interests of the government, enterprises and critical infrastructure operators.”

This long list of digital crimes represents a major shift in the modus operandi of Chinese hackers. According to China watchers, much of it can be traced back to the country's 2015 reorganization of its cyber operations. At that time, it transferred most of its control from the Chinese People's Liberation Army to the MSS, a national security agency. Over time, the MSS's hacking ambitions and its willingness to outsource to criminals have become more radical.

“They have become bigger. The number of hackers has declined, but the scale has increased,” said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, who has long followed Chinese hacking activities. This is largely because the non-governmental hackers working with the MSS do not necessarily comply with the codes of conduct of state-sponsored hacking. “There seems to be a greater tolerance for irresponsible behavior,” Segal said.

Priscilla Moriuchi, a non-resident researcher at the Belfer Center for Science and International Affairs at Harvard University, said that the MSS has always preferred to use intermediaries, front companies and contractors rather than carry out operations itself. “This model of HUMINT and network operations allows MSS to maintain reasonable denial and create networks that recruit individuals and organizations that can bear the brunt when caught,” Moriuchi said, using the term HUMINT to mean the human, non-network side of spy operations. “These organizations can be burned quickly, and new organizations can be established when necessary.”

Although these contractors provide the Chinese government with a layer of deniability and efficiency, they also mean less control over the operators, and there is no guarantee that the hackers will not use their privileges for personal gain, or for that of the MSS officials who hand out the contracts. Moriuchi added: “According to this model, the network operating organization that MSS belongs to is also committing cybercrimes, which is not surprising to me.”

The White House statement generally points to a broad, chaotic, and in some cases unrelated collection of Chinese hacking activities. A separate indictment names four hackers associated with the MSS, three of whom are MSS officials, and all of whom are accused of conducting widespread intrusions into industries from healthcare to aviation around the world.

But even more unusual than the data theft outlined in the indictment was the massive hack cited in Monday's announcement, in which a group called Hafnium, now linked by the White House to China's MSS, broke into no fewer than 30,000 Exchange Servers worldwide. The hackers also left behind so-called “web shells” that allowed them to regain access to these servers at will, but that also brought the risk that other hackers would discover these backdoors and use them for their own purposes. Dmitri Alperovitch, former CrowdStrike chief technology officer and founder of Silverado Policy Accelerator, and researcher Ian Ward wrote in a March blog post that this element of the hacking campaign was “untargeted, reckless and extremely dangerous”. At least one ransomware group appears to have tried to piggyback on the Hafnium campaign shortly after it was exposed.

Ben Read, head of cyber espionage analysis at incident response and threat intelligence company Mandiant, said there is no clear evidence that the MSS's Hafnium hackers themselves deployed ransomware or cryptocurrency mining software on any of these tens of thousands of networks. Instead, the White House's criticism of the Chinese government's blurring of cybercrime and cyber espionage seems to relate to other, years-long hacking campaigns that more clearly crossed this line. For example, last September, the U.S. Department of Justice charged five Chinese men who worked for an MSS contractor named Chengdu 404 Network Technology (known in the cyber security industry by the name Barium before they were identified). All of them were accused of breaking into dozens of companies around the world in a series of operations that seemed to freely mix espionage with for-profit cybercrime.




About the Author: Brand Story