For the best part of a decade, US officials and cybersecurity companies have named and branded hackers they believed were working for the Chinese government. These hackers have stolen terabytes of data from companies such as pharmaceutical firms and video game companies, compromised servers, removed security protections and hacking tools, according to security experts. And as alleged hacking from China becomes more brazen, individual Chinese hackers are facing charges. However, things may change.
Since the beginning of 2022, China’s foreign ministry and the country’s cybersecurity firms have increasingly called out alleged US cyber espionage. Until now, such accusations have been rare. But the revelations come with a catch: They appear to rely on technical details from years ago that are already public knowledge and contain no fresh information. The move could be a strategic shift for China as the nation struggles to cement its position as a technological superpower.
“These are useful materials for China’s propaganda campaigns when they were faced with accusations from the US about China’s cyber espionage activities,” said Che Chang, a cyber threat analyst at Taiwan-based cybersecurity firm TeamT5.
China’s accusations, which were noted by security journalist Catalin Cimpanu, follow a very similar pattern. On February 23, Chinese security company Pangu Lab published claims that elite hackers at the US National Security Agency’s Equation Group used a backdoor called Bvp47 to spy on 45 countries. The Global Times, a tabloid newspaper that is part of China’s state-controlled media, published an exclusive report on the study. Weeks later, on March 14, the paper had a second exclusive story about another NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity firm Qihoo 360 claimed that American hackers had attacked Chinese companies and organizations. And on April 19, Global Times reported further findings by the National Computer Virus Emergency Response Center regarding HIVE, a malware developed by the CIA.
The reports are accompanied by numerous statements – often in response to questions from the media – from Chinese Foreign Ministry spokesmen. “China is seriously concerned about the irresponsible malicious cyber activities of the US government,” Foreign Ministry spokesman Wang Wenbin said in April after one of the reports. “We call on the US side to provide explanations and immediately stop such malicious activities.” In the first nine days of May, State Department spokespeople commented on US cyber activities at least three times. “One cannot become white by staining others,” Zhao Lijian once said.
While cyber activity undertaken by state actors is often shrouded in highly classified files, many US-developed hacking tools are no longer classified. In 2017, WikiLeaks released 9,000 documents in the Vault7 leak detailing many of the CIA’s tools. A year earlier, the mysterious Shadow Brokers hacking group stole data from one of the NSA’s elite hacking teams and slowly spread the data around the world. The Shadow Brokers leaks included dozens of exploits and new zero-days – including the EternalBlue hacking tool, which has since been used repeatedly in some of the biggest cyberattacks. Many of the details in the Shadow Brokers leak match details about the NSA that were revealed by Edward Snowden in 2013. (An NSA spokesman said he had “no comment” for this story; the agency does not routinely comment on its activities.)