Cyber attacks linked to Chinese intelligence services are increasing in capacity and frequency as they seek to test the responses of foreign governments, analysts have warned in the wake of revelations of a massive hacking of British data.
On Tuesday, the British and US governments accused the hacking group Advanced Persistent Threat 31 (APT 31), backed by China’s spy agency, of waging a years-long cyberattack campaign targeting politicians, national security officials, journalists and companies. Britain said the hackers may have accessed information on tens of millions of British voters held by the Electoral Commission, and also cited cyber espionage targeting lawmakers who have been outspoken about threats from China.
Both the US and UK governments have announced sanctions against linked Chinese companies and individuals.
Also on Tuesday, the New Zealand government said it had raised concerns with the Chinese government about its involvement in an attack targeting the country’s parliamentary entities in 2021.
Analysts told the Guardian there were clear signs of an increase in cyber attacks that appeared to be carried out by Chinese actors, often with links to Chinese intelligence services and the government.
“Some of the hacking groups are information security companies contracted by Chinese intelligence units to carry out attacks on specific targets, such as the recent case of iSoon Information,” said analyst Chung Che of Taiwan-based cyber threat analysis firm T5.
T5 had been monitoring an increase in “constantly evolving” hacking efforts by Chinese groups in the Pacific region and Taiwan over the past three years.
“We believe their goal is to infiltrate specific targets and steal important information and intelligence, whether political, military or commercial,” Chung said.
Chung said there was not enough information to specifically trace the activity to China’s top brass (and Beijing firmly rejects the accusations), but “given China’s system of no distinction between party and state, it is true that we cannot rule out the possibility of instructions coming from above.”
However, several analysts said Western governments have become much more willing to name China as the culprit after years of avoiding antagonizing the leaders of the world’s second-largest economy.
“That previous reluctance to criticize has given way to a more outspoken attitude and I think that’s probably because the scale of the threat and the actual burglaries have increased. They are now more serious threats,” said David Tuffley, senior lecturer in cybersecurity at Griffith University in Australia.
The British announcement followed revelations last month that a Chinese hacking network known as Volt Typhoon had been lying dormant in US critical infrastructure for five years and had ‘pre-positioned’ itself for future acts of sabotage. That operation raised concerns among Five Eyes observers because it signaled a shift from espionage for intelligence gathering to preparation for warfare.
Tuffley said cyberattacks are part of China’s gray zone activity – that is, acts that approach but do not reach the threshold of warfare. Much of the activity is regionally focused, targeting Taiwan and other countries that dispute claims in the South China Sea. But these cyber attacks had a much greater reach.
“The whole point to make in all of this is that China is clearly taking a much more muscular position,” Tuffley said. “The country knows it does not have the military capacity to defeat the Americans, British, Australians, Japanese and Koreans in a hot war. So it is very unlikely that they will make it that far.”
Instead, it seeks to cause instability in the target country, and “perhaps a loss of confidence in that target country’s operational capabilities.” The country is also testing its own capabilities against the defenses of its adversaries, he said.
Tuffley said there was a risk of escalation. Other governments such as the US and Britain had high cyber espionage capabilities of their own, but did not publicly threaten countermeasures against the Chinese state.
In their statement on Tuesday, US authorities named individuals accused of carrying out cyber attacks that allegedly violate US law. That indicated a deep level of knowledge about the attacks, perhaps including through human intelligence sources within China’s operations, or a retaliatory intelligence-gathering hack, one analyst said.
“Anyone who has spent any time working in cybersecurity will not be at all surprised by this report from the UK authorities,” said Adam Marrè, head of information security at Arctic Wolf. “Beijing continues to view cyber as a natural extension of their statecraft and has rarely been afraid to use cyber techniques to advance their own national interests.”