INTELBRIEF

May 14, 2020

IntelBrief: China Steps Up Cyberattacks in Effort to Gain Leverage During Pandemic

FILE - Chinese President Xi Jinping, right, and U.S. President Donald Trump (AP Photo/Ahn Young-joon, File)
  • China employs armies of state-directed hackers to wage cyberattacks and commit espionage against targets selected by the People’s Liberation Army and other elements of China’s military and intelligence services.
  • China is growing more brazen with its cyberattacks at a time of heightened tensions with the United States, and during a period when the relationship is growing increasingly antagonistic over fallout from the coronavirus.
  • China’s cyber espionage has continued unabated during the pandemic, as Chinese hackers have broadened their target set, determined to hack foreign government entities and private sector companies.
  • China is relentless in its illegal pursuit to steal intellectual property across a range of industries, from software to agriculture.

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) issued a warning on Wednesday that Chinese hackers are launching cyberattacks in an effort to access and ultimately steal research related to a vaccine for the coronavirus. The Chinese Communist Party (CCP) regularly relies on a combination of state assets, such as its military cyber units, and non-state actors that operate with Beijing’s blessing and under its direction. Similar to Russia, China employs virtual armies of state-directed hackers to wage cyberattacks and commit espionage against a range of targets selected by the People’s Liberation Army (PLA) and other elements of China’s military and intelligence services. China also relies on spies that have been groomed to pilfer research and data from American universities and private laboratories. The FBI and DHS partnered on the warning, which accuses Beijing of targeting ‘valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing.’ United States Cyber Command and the National Security Agency will be tasked with determining an appropriate response to China’s aggressive cyberattacks.

The high-profile warning comes at a time of heightened tensions between the United States and China, with the relationship growing increasingly antagonistic over fallout from the coronavirus. Negative relations have been stoked by some high-ranking U.S. officials, including Secretary of State Mike Pompeo, who insist on calling the coronavirus the ‘Wuhan virus.’ Pompeo recently suggested that ‘there’s enormous evidence’ to suggest that the virus leaked from the Wuhan Institute of Virology, perhaps following a laboratory accident. China’s refusal to be forthcoming or transparent has fueled a range of conspiracy theories about the origins of the virus and the extent of the initial cover-up. To counter allegations of deliberate malfeasance, Beijing released a lengthy document on its Foreign Ministry webpage and via Xinhua, the state-media outlet, accusing the United States of lying about the origin of the virus as a means to deflect attention from its own poor handling of the pandemic. Yet both accounts can be true—the CCP’s efforts to downplay the virus contributed to its spread, and that is entirely unrelated to the inept response from the United States in failing to prepare adequate public health measures and policies to protect the American people. The back-and-forth obscures a more troubling reality—China’s continued campaign of cyber espionage and intellectual property theft.

Recent reporting has indicated that the level and sophistication of China’s cyber espionage has continued unabated during the pandemic. Cybercrime will likely increase during an extended ‘work from home’ period where more people are online for longer hours than at any point in recent memory. A cyber group called Naikon, associated with the People’s Liberation Army Unit 78020 (a known Chinese military cyber espionage unit), has been linked to recent penetrations of networks in Australia. The attackers used a new and extremely powerful tool called Aria-body that can ‘infect’ a computer, establish undetected communications with the attacker, and steal everything on the network. The Naikon APT (advanced persistent threat) group has been implicated in cyberattacks against numerous countries in the Asia-Pacific, including Australia, Vietnam, Thailand, the Philippines, and Indonesia. The Aria-body tool is particularly effective because the malware can come from ‘trusted sources’ and uses legitimate executables such as opening a Word document; it also logs keystrokes, takes screenshots, and uses the infected system’s own servers to spread.

China is relentless in its illegal pursuit to steal intellectual property across a range of industries, from software to agriculture. Chinese spies and hackers also target academics and their research, as well as U.S. government secrets related to ongoing national defense projects. IP theft by the Chinese has been a source of tension between Washington and Beijing for decades. These actions are a significant stumbling block, among many, that hinder effective relations between the two rival countries. Opposition to Beijing’s cyber campaigns is widespread because China targets so many industries and countries; in response, Beijing simply denies any involvement while saying the accusations are either baseless or malicious. During the coronavirus pandemic, China has launched cyberattacks in conjunction with a disinformation campaign designed to portray Washington as responsible for the outbreak, while simultaneously framing Beijing’s actions as altruistic and essential to helping other nations by providing resources and aid.
