Chinas Dogged Campaign to Portray Itself as Victim of US Hacking

  /     /     /  
Publicated : 23/11/2024   Category : security


Chinas Dogged Campaign to Portray Itself as Victim of US Hacking


After the US and its allies formally accused China of irresponsible and malicious behavior in cyberspace back in 2021, the government there has been on a mission to cast the US in the same light.



For more than two years, Chinas government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years.
A recent examination of Beijings claims by researchers at SentinelOne found most of them to be unsubstantiated, often based on previously leaked US intelligence and lacking any technical evidence. However, that has not stopped the Chinese government from pursuing its misinformation campaign in an attempt to divert attention from its own hacking activities, SentinelOne said.
China hopes to change global public opinion on Chinese hacking, says Dakota Cary, strategic advisory consultant at SentinelOne. China aims to show itself as the victim of US hacking operation and show how the US is the perpetrator of hacking operations.
To date, the campaign has met with some limited success, as
Chinas claims have made their way into western media outlets
like Reuters, he says. Meanwhile, the SentinelOne report comes amid a backdrop of heightened alarm in the US about Chinas
insidious and persistent intrusion campaigns
into
US critical infrastructure
by Chinese threat groups such as Volt Typhoon.
The immediate impetus for Chinas efforts to push a US hacking narrative appears to be a somewhat
extraordinary joint declaration
by the US, UK, and European Union governments in July 2021 accusing the government of indulging in malicious irresponsible and destabilizing behavior in cyberspace. The declaration, among other things, blamed the Chinese government of hiring
criminal contract hackers
to conduct unsanctioned cyber operations globally, including for their own personal profit.
The White House statement contained a reference to charging documents unsealed in 2018 and 2020 that accused hackers working with Chinas Ministry of State Security (MSS) of participating in ransomware attacks, crypto-jacking, cyber extortion, and rank theft. It also announced criminal charges against four individuals at the MSS for engaging in cyber campaigns to steal intellectual property and trade secrets from organizations in the aviation, defense, maritime, and other sectors in the US and other countries.
The US allegations came shortly after an incident where attackers — later identified as working for the MSS — exploited four zero-day bugs in
Microsoft Exchange
to
compromise tens of thousands
of computers worldwide. What proved especially irksome was the apparent decision by the Chinese hacking team to automate their attack and to share details of the vulnerability with others when it became apparent that Microsoft was ready to release a patch for the flaws, SentinelOne said.
The joint statement so irked the PRC government that it began a media campaign to push narratives about US hacking operations in global media outlets, the security vendor said.
Chinas attempts to get back at the US include having some cybersecurity firms in the country coordinate publication of reports about US hacking activity, then using government agencies and state media to amplify their impact.
Since early 2022, state media in China began releasing English-language versions of cyber threat intelligence reports from Chinese security firms. The English-language Global Times, a publication that generally reflects the official views of the Chinese Communist Party, mentioned NSA-related hacking tools and operations 24 times in 2022, compared to just twice the preceding year, SentinelOne found.
In 2023, the publication ran a
series of articles
on US intelligence agencies allegedly hacking into seismic sensors at the Wuhan Earthquake Monitoring Center. The articles were apparently based on a report from Chinese cybersecurity firm Qihoo360 and another Chinese government entity. And last April, Chinas cybersecurity industry alliance published a
report
that chronicled more than a decade of research on US cyberattacks such as the Stuxnet campaign on Irans Natanz nuclear facility.
According to SentinelOne, most of Chinas reports are not backed by any technical evidence of the sort that cybersecurity firms in the US and some other countries provide when disclosing nation-state campaigns. The
Global Times article
on the attacks at Wuhans earthquake monitoring facility, for instance, quotes a Qihoo360 report that is not publicly available anywhere. Even so, the report garnered some attention in the US, with
several media outlets
running with the story, SentinelOne said.
Reports that do have some form of attribution or evidence are often based on leaked US intelligence documents such as
Edward Snowdens leaks
, the
Vault 7 leaks
, and the
Shadow Brokers
leaks, Cary says. In fact, of the 150 or so citations in the report from Chinas cybersecurity alliance, less than a third are from Chinese vendors.
We dont know if Chinas cybersecurity companies have the data to back up claims of US hacking, Cary says. It is likely that such data does exist somewhere in the PRC, but its unclear if it would prove their claims, he notes, adding, What we can say is that Chinas legal regime and political system have decided against the publication of any such data.

Last News

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Chinas Dogged Campaign to Portray Itself as Victim of US Hacking