UK and US accuse China of multiple ‘malicious’ cyberattacks


The two countries have issued sanctions against one company and two individuals allegedly linked to a Chinese state-affiliated group that has been operating for years.

The UK and the US have claimed that several cyberattacks targeting government entities and critical infrastructure were orchestrated by Chinese “state-sponsored” organisations and individuals.

The UK government said yesterday (25 March) that two “malicious” cyberattack campaigns were carried out by these Chinese groups. The UK’s National Cyber Security Centre (NCSC) said the country’s electoral commission systems were “highly likely compromised” by a Chinese state-affiliated entity between 2021 and 2022.

The NCSC also claims that a Chinese state-affiliated group known as APT31 conducted “reconnaissance” against UK politicians in 2021. The UK said it summoned the Chinese Ambassador to the UK as a result of these findings. It also sanctioned a “front company” and two individuals who are allegedly members of APT31.

“It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes,” said UK foreign secretary David Cameron. “While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face.”

The US Treasury also sanctioned the company and individuals that are allegedly linked to the APT31 group and claimed the company served as cover for multiple malicious cyber operations.

The US Treasury called Chinese state-sponsored cyberattackers “one of the greatest and most persistent threats” to US national security. It described APTs (advanced persistent threat groups) as “sophisticated” actors or groups that can conduct “advanced and sustained” malicious cyber activity, and referred to APT31 as a collection of Chinese intelligence officers, contract hackers and support staff.

The US claims that this group targeted multiple high-ranking government officials and various critical infrastructure sectors, including defence, IT and energy.

Michael Covington, Strategy VP at Jamf, said the mounting case against this Chinese hacking group shows the “extensive planning and long-term strategies” involved in state-sponsored “cyber espionage”.

“During the time of this alleged campaign, APT31 was studied by security researchers and reported on in the press,” Covington said. “And yet, the campaign is said to have run for 14 years.

“The timeline of this case alone shows how difficult it is for the full picture of a cyber incident to be pieced together and understood. Part of this is due to devices and systems that failed to meet basic security hygiene standards. And part of this is due to a culture of silence.”

Growing cybersecurity tensions

The recent wave of accusations follows a period of mounting tension between China and some Western countries, particularly the US, which has made various claims about state-sponsored hacking attempts.

Last month, US officials claimed they disrupted an operation by a Chinese state-sponsored group called Volt Typhoon that was targeting critical infrastructure. The statement claims this hacking campaign is linked to an advisory warning issued by multiple cybersecurity authorities last year, which claimed that hackers sponsored by China’s government were “living off the land” in the US to evade detection.

Cybersecurity tensions between the US and China rose significantly last year, after it was suggested that China-based hackers managed to gain access to data from multiple US government agencies, including the emails of the US ambassador to China. The breach was linked to a wave of attacks that Microsoft attributed to China.

A US senate staffer told Reuters last September that 60,000 emails from 10 US state department accounts were stolen by Chinese hackers.

Earlier this month, a report from Trend Micro claimed one Chinese hacker group called managed to compromise 48 government organisations worldwide and that a further 49 were targeted.

“The threat actor was able to compromise or target victims in 45 different countries spread across different regions, most of them in Asia and America, but also in Europe and Africa,” the report said.


Leigh Mc Gowran is a journalist with Silicon Republic
