The UK now ranks the Chinese cyber threat as its top defense priority, and the US has joined it in issuing another dire warning about the risks to international stability and the critical infrastructure of rival nations. The allies say that China’s hacking capability is at a scale never seen before and is being used very aggressively, as tensions continue over the future of Taiwan and the US prepares for another contentious presidential election season.
New warning on Chinese cyber threat follows recent Volt Typhoon reports
While the US and UK statements emphasize the Chinese cyber threat’s ability to penetrate critical infrastructure, something highlighted by a report on Volt Typhoon’s activities about a month ago, the intelligence agencies warn that China is also highly active in coercing other countries to accept its technology and in making use of data brokers to obtain information.
The news of Volt Typhoon’s deep penetration into Western critical infrastructure follows several years of increasing boldness in attacks on the sector, both by state-backed APT groups and criminal gangs. While the nation-backed threat groups are still generally focused on espionage, criminals are happily targeting patient care facilities and shutting down their capabilities as part of pressure campaigns to extort ransoms.
One point of particular note about state-backed Chinese cyber threats is that they are now usually among the highest bidders for zero-day exploits, if not developing them on their own. And the primary target for these exploits seems to be Western companies and government agencies, with an eye toward disrupting utilities to hamper military operations and cause general discontent.
Taiwan at the heart of Chinese cyber threat
The UK government summoned ambassador Zheng Zeguang to discuss the issue of Chinese cyber threats last week, but given Beijing’s repeated denials it is unlikely that diplomacy or discussions will make much headway on this issue. The aggression as of late seems entirely tied to the issue of Taiwan, and will likely continue unless there is some sort of major change of tack by the Chinese government.
The UK has accused China of a string of breaches as of late, including a very recent attack on a payment system used by some components of the country’s military. The US recently issued numerous indictments of members of the APT31 hacking group, believed to be hidden behind a false business front called “Wuhan Xiaoruizhi Science & Technology” and composed of civilian contractors who carry out foreign espionage missions at the behest of the government. These indictments revealed the broad scope of Chinese use of such contractors, as well as apparently widespread discontent, both at working conditions and on the part of the government agencies that often receive less-than-satisfactory results.
The US is also warning that Chinese cyber threats will involve themselves in the upcoming election, though this time out it is less clear what outcome they support. The answer is most likely general disorder and demoralization, rather than attempting to boost a particular candidate (as Russia was accused of doing for Donald Trump during his 2016 victory).