China Accuses US of Years of Cyber-Spying, Malware Campaigns – Source: securityboulevard.com

The Chinese government is accusing the United States intelligence community of launching cyber-espionage campaigns against the country for years after hacking into Huawei servers as far back as 2009.

China’s Ministry of State Security (MSS) made the charge this week on its official WeChat channel, pointing a finger at the National Security Agency’s (NSA) Computer Network Operations – which Chinese officials referred to as the Office of Tailored Access Operations, or TAO, its former name – as the primary culprit behind the decade-plus of cyber-spying and cyberattacks.

“The U.S. intelligence agency relies on its powerful cyber attack arsenal to carry out surveillance, secret theft and cyber attacks on many countries around the world, including China, and does everything possible,” the MSS wrote, adding that the NSA through TAO “has repeatedly carried out systematic and platform-based attacks on my country in an attempt to steal my country’s important data resources.”

Beijing is claiming that after the attacks on the Huawei servers in 2009, the NSA continued to monitor them and had since “carried out tens of thousands of malicious network attacks on domestic network targets including Northwestern Polytechnical University, controlled tens of thousands of network devices, and stolen a large amount of high-value data.”

Those attacks were part of a larger cyber-operations run by the United States against China, Russia, Iran, North Korea, and other countries, the MSS wrote.

China a Top Cyber Threat

This is coming from a country that U.S. officials and cybersecurity vendors routinely name among the top state sponsors of global cyberattack and cyber-espionage campaigns, issuing numerous alerts and advisories highlighting the threat from China. In its 2023 annual threat report, the U.S. Office of the Director of National Intelligence called China “the broadest, most active, and persistent cyber espionage threat to the U.S. Government and private-sector networks.”

The office added that China likely has the capabilities to launch cyberattacks against critical infrastructure like oil and gas pipelines and rail systems in the United States.

Testifying before the House Appropriations Subcommittee in April, FBI Director Christopher Wray said China has “got a bigger hacking program than every other major nation.”

“There’s no country that presents a more significant threat to our innovation, our ideas, our economic security, our national security than Chinese government,” Wray said. “That’s why we’ve grown the number of investigations into threats from China about 1,300%.”

Most recently, U.S. agencies and Microsoft this summer pointed to an advanced persistent threat (APT) group called Storm-0558 as the threat actor behind a cyber-espionage campaign targeting two dozen government agencies and other organizations in the United States and Europe. The group is accused of stealing a Microsoft signing key, enabling it to hack into Microsoft 365 and Exchange Online accounts and stealing emails from government and corporate accounts.

China reportedly responded by calling the United States “the world’s biggest hacking empire.”

China: We’re the Victim, Not US

It was a theme continued in the WeChat message, which also said that U.S. officials were lying by positioning the country as a victim of China’s cyberattacks to smear the country as a “cyber threat subject” and “coercing” other countries to ally around a program for ensuring network security as a way of blocking Chinese companies from the global networking market.

The United States under the Biden Administration and past presidencies has sanctioned Chinese companies like Huawei and ZTE over fears that their close relationships with and funding from the Chinese government could lead to backdoors being implanted in products, providing Chinese cybercriminals a way into U.S. government and private-sector IT environments.

China’s MSS opened its WeChat channel in early August as a part of a larger counter-espionage effort in the county. The move came weeks after the U.S. government and Microsoft accused the Storm-0558 group of the attack on federal Microsoft accounts.

In a blog post earlier this month, Clint Watts, general manager of Microsoft’s Threat Analysis Center, outlined efforts by both China and North Korea to hone their cyberthreat capabilities through such tools as AI technologies.

At the same time, Watt pointed to China’s global effort to “spread state-sponsored propaganda and soften the country’s image abroad.” As an example, he wrote that China uses more than 230 state media employees and affiliates pretend to be independent social media influencers on various Western social media platforms.

“These influencers, who are recruited, trained, promoted, and funded by China Radio International (CRI) and other Chinese state media outfits, expertly spread localized [Chinese Communist Party] propaganda that achieves meaningful engagement with audiences around the world, reaching a combined following of at least 103 million people across multiple platforms speaking at least 40 languages,” Watt wrote.