Washington, US: US security agencies have issued an advisory for US and other allies against the Chinese state sponsored cyber activities
A Joint Cybersecurity Advisory (CSA) issued on Monday states that state-backed cyber actors aggressively target political, economic, military, educational, and critical infrastructure (CI) to steal sensitive data, and emerging key technologies, intellectual property, and personally identifiable information (PII).
An unprecedented group of US allies and partners, including the EU, the UK, Australia, Canada, New Zealand, Japan, and NATO, have joined in exposing and criticising China’s Ministry of State Security’s malicious cyber activities. This is the first time NATO has condemned China’s cyber activities.
The joint advisory exposes how some cyber actors target sectors include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China’s long-term economic and military development objectives, the advisory said.
The advisory, titled Chinese State-Sponsored Cyber Operations: Observed TTPs, provides information on nearly 50 tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors when targeting the US and allied networks.
The new advisory builds on previous National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) reporting to inform all government and private industry organizations about persistent methods through collaborative analysis.
Some of the notable malicious trends identified by US security agencies include the acquisition of infrastructure and capabilities; exploitation of public vulnerabilities; and use of “encrypted multi-hop proxies”.
In concerning development, state-backed Chinese cyber actors have been assessed to perform reconnaissance on widely used Microsoft® 365 (M365), with the intent of further gaining information about the networks.
“These scans can be automated, through Python® scripts, to locate certain files, paths, or vulnerabilities. The cyber actors can gain valuable information on the victim network, such as the allocated resources, an organization’s fully qualified domain name, IP address space, and open ports to target or exploit,” the advisory states.
Before the release of this advisory, a senior US administration official on Monday said that the United States has long been concerned about the People’s Republic of China’s irresponsible and destabilizing behavior in cyberspace.
“Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.”
The revelation comes on the heel of a joint statement issued by the Group of Seven (G7) nation in June where they highlighted threats to freedom and democracy from manipulation of information, including disinformation, and cyber-attacks.
“From the G7 and EU commitments around ransomware, to NATO adopting a new cyber defense policy for the first time in seven years, we’re putting forward a common cyber approach with our allies and laying down clear expectations on how responsible nations behave in cyberspace,” senior US administration official said.