“How China’s Hacking Entered a Reckless New Phase”
WIRED, July 18, 2021
By Andy Greenberg
“The country’s hackers have gotten far more aggressive since 2015, when the Ministry of State Security largely took over the country’s cyberespionage.”
For years, China seemed to operate at the quieter end of the state-sponsored-hacking spectrum. While Russia and North Korea carried out hack-and-leak operations, launched massively disruptive cyberattacks, and blurred the line between cybercriminals and intelligence agencies, China quietly focused on more traditional—if prolific—espionage and intellectual property theft. But a collective message today from dozens of countries calls out a shift in China’s online behavior—and how its primary cyber intelligence agency’s trail of chaos increasingly rivals that of the Kim Regime or the Kremlin.
On Monday, the White House joined the UK government, the EU, NATO, and governments from Japan to Norway in announcements that spotlighted a string of Chinese hacking operations, and the US Department of Justice separately indicted four Chinese hackers, three of whom are believed to be officers of China’s Ministry of State Security. The White House statement casts blame specifically on the MSS for a mass-hacking campaign that used a vulnerability in Microsoft’s Exchange Server software to compromise thousands of organizations around the world. It also rebukes the ministry for partnering with contract organizations that engaged in for-profit cybercrime, turning a blind eye to or even condoning extracurricular activities like infecting victims with ransomware, using victim machines for cryptocurrency mining, and financial theft. “The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” the statement reads.
That long list of digital sins represents a significant shift in Chinese hackers’ modus operandi, much of which China watchers say can be traced back to the country’s 2015 reorganization of its cyber operations. That’s when it transferred much of the control from the People’s Liberation Army to the MSS, a state security service that has over time become more aggressive both in its hacking ambitions and in its willingness to outsource to criminals.
“They go bigger. The number of hacks went down, but the scale went up,” says Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, who has long focused on China’s hacking activities. That’s in no small part because the nongovernment hackers that the MSS works with don’t necessarily obey the norms of state-sponsored hacking. “There does seem to be kind of greater tolerance of irresponsibility,” Segal says.
The MSS has always preferred using intermediaries, front companies, and contractors over its own hands-on operations, says Priscilla Moriuchi, a nonresident fellow at Harvard’s Belfer Center for Science and International Affairs. “This model in both HUMINT and cyber operations allows the MSS to maintain plausible deniability and create networks of recruited individuals and organizations that can bear the brunt of the blame when caught,” says Moriuchi, using the term “HUMINT” to mean the human, non-cyber side of spying operations. “These organizations can be quickly burned and new ones established as necessary.”
About the Author:
Andy Greenberg is a senior writer for WIRED, covering security, privacy, and information freedom. He’s the author of the book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book and excerpts from it published in WIRED won a Gerald Loeb Award for International Reporting, a Sigma Delta Chi Award from the Society of Professional Journalists, two Deadline Club Awards from the New York Society of Professional Journalists, and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED’s New York office.