China’s Cyber Warfare Surges With Hacking Of U.S. Infrastructure – The Federalist

Posted: December 19, 2023 at 1:34 am

2023 will go down in history as the year that China’s state-sponsored hackers advanced their ability to wage cyber warfare against the U.S.

Chinese hackers used to focus on stealing America’s commercial secrets and personnel information (see examples here and here). But this year, Chinese hackers have expanded their reach by collecting intelligence on U.S. government agencies and breaching systems of infrastructures with strategic value.

In May 2023, The New York Times reported that a Chinese state-sponsored hacking group had installed malware in electric grids in Guam and other parts of the U.S. since February 2023, probably seeking to cut off power to the U.S. military in case China invades Taiwan.

Microsoft disclosed in July that China-based hackers gained access to email accounts affecting approximately 25 organizations in the public cloud, including government agencies as well as related consumer accounts of individuals, since May 15, 2023. The affected government agencies included the U.S. State Department. U.S. national security officials identified the hackers as affiliated with Chinese intelligence. Google Cloud’s Mandiant senior vice president and chief technical officer, Charles Carmakal, called Chinese hackers’ techniques very advanced.

Then, last week, DailyMail.com reported that Chinese hackers affiliated with the People’s Liberation Army have gained access to essential infrastructure sites in the U.S., including a water utility in Hawaii, a major port, and at least one oil and gas pipeline. The hackers’ access to the water utility in Hawaii is probably of the utmost concern since the U.S. Pacific fleet resides near the island of Oahu. Chinese hackers had been sitting on a stockpile of strategic vulnerabilities without being detected for almost a year.

Brandon Wales of the Cybersecurity and Infrastructure Security Agency said, “It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict.”

For example, if the Chinese Communist Party invades Taiwan, Chinese military-affiliated hackers will likely disrupt critical infrastructure in the United States. Wales said the hackers will try either to prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States to affect our decision-making around a crisis.

China’s state-sponsored hackers are relentless, and they have received the state’s assistance to enhance their abilities. For example, Beijing passed a Data Security Law in 2021. It includes a provision that requires technology companies doing business in China to report their software vulnerabilities to China’s Ministry of Industry and Information Technology (MIIT) within 48 hours after the issue became known. The MIIT then adds such vulnerabilities to a National Vulnerability Database and generates vulnerability reports.

The Chinese government claims such a database and its reports are necessary for researchers to learn how to fix those software vulnerabilities and enhance cybersecurity. Beijing omitted to mention that MIIT shares its software vulnerability reports with other Chinese government agencies. These include China’s Ministry of State Security (MSS), the nation’s leading spy agency.

MSS’s activities include performing domestic counterintelligence, gathering foreign intelligence, conducting overseas influence campaigns, and organizing hacking. Last year, the U.S. Justice Department charged 13 individuals, including a few members of MSS, for alleged efforts to unlawfully exert influence in the United States for the benefit of the government of the PRC. The agency was also behind some of the most disruptive overseas hacking operations in recent years.

Shanghai Jiao Tong University and the security firm Beijing Topsec, two entities known for working with the PLA to carry out hacking campaigns, also have access to MIIT’s vulnerability reports.

Another serious concern of this Chinese law is that it mandates companies to disclose any software vulnerabilities within two days of discovery, even though the average time it takes to patch its software flaws is between 60 days and more than 200 days.

Brad Williams, writing for Breaking Defense, warned that China’s new law essentially has given its state-sponsored hackers a head start. It provides them with nearly exclusive early access to a steady stream of zero-day vulnerabilities of software used by other countries, including the U.S. The law gives Chinese hackers plenty of time to exploit those vulnerabilities and advance their hacking abilities.

How many American companies have complied with China’s software vulnerability reporting mandate is unclear. Williams named two U.S. companies, Amazon Web Services and Microsoft, which have business operations in China and likely must comply with the software vulnerability disclosure requirement.

Unfortunately, both companies also have a significant presence in both the public and private sectors in the U.S. Their compliance with Chinese law could potentially include vulnerabilities discovered in technologies used by the Defense Department and Intelligence Community in the U.S. Even a mere description of a bug with the required level of specificity would provide a lead for China’s offensive hackers as they search for new vulnerabilities to exploit, according to WIRED magazine.

It is not a coincidence that since Beijing enacted mandatory software vulnerability reporting, China’s hackers have demonstrated an enhanced ability to breach into more strategically sensitive systems in the West, especially in the U.S. The Director of National Intelligence’s 2023 Annual Threat Assessment states, “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks.”

The PLA has every intention to incorporate cyber warfare as part of its war planning against Taiwan and its allies. Foreign technology companies in China have a decision to make: Will they continue chasing short-term profits and market access in China, even if it means sharing software vulnerabilities? Or should they pack up and leave the hostile legal environment in China? Their decision will affect not only their own data security and that of their customers but also the national security of their homeland and allies.
