The allegations against China regarding cyber espionage have sparked heated debate at the global level. Several countries including the Philippines, Netherland and US have reported cyberattacks originating from Chinese entities. US officials recently claimed to have disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. The head of the FBI had warned that Beijing was positioning itself to disrupt the daily lives of Americans if the United States and China ever go to war.
US is not alone. Several other countries including the Philippines and the Netherlands, have reported thwarting cyberattacks originating from Chinese entities. These incidents have raised concerns about the extent of China’s involvement in cyber activities targeting foreign governments, businesses, and institutions.
One of the latest incidents involved Dutch intelligence agencies which attributed cyber espionage to Chinese state-backed actors. According to reports, these actors gained unauthorized access to a Dutch military network, marking the first public attribution of such activity to China by the Netherlands. This development underscored the evolving nature of cyber threats and the challenges faced by nations in defending against them.
In response to these allegations, the Chinese embassy in the Netherlands issued a statement vehemently denying any involvement in cyberattacks. The embassy emphasized China’s stance against illegal activities and called for cooperation in safeguarding cybersecurity. This denial was a reflection of China’s consistent position on cybersecurity issues, where it has repeatedly stated its opposition to cyber espionage and commitment to upholding cybersecurity laws.
Meanwhile, China has escalated its media campaign alleging US hacking operations, following condemnation from the US, UK and EU in July 2021 over Chinese cyber activities.
According to a recent report in Sentinel Labs, this offensive strategy involved cooperation between Chinese cybersecurity firms, government agencies and state media to amplify accusations against the US.
Until 2023, these allegations lacked substantive technical analysis as the analysis primarily relied on recycled US intelligence documents. However, the narrative shifted in mid-2023, with China reportedly dropping the pretense of technical validation and relying solely on state media to disseminate accusations.
In the report, China-focused consultant Dakota Cary noted that China’s cyber-focused media onslaught preceded the 2023 disclosure by China’s Ministry of State Security, revealing instances of Western spying within China. Notably, these allegations lacked substantial evidence but were nonetheless widely publicized.
However, experts said that their concern about the activities of certain hacking groups allegedly linked to the countrystill persist. One such group, Volt Typhoon, has attracted attention from intelligence officials who warn of its efforts to compromise Western critical infrastructure. News reports suggested that Volt Typhoon’s activities extended beyond traditional espionage, targeting naval ports, internet service providers, and utilities. These revelations highlighted the evolving tactics employed by cyber actors and the need for enhanced cybersecurity measures.
According to an article in the lawfare institute,Cybersecurity and Infrastructure Security Agency (CISA) Executive Director Brandon Wales has described China as “the number one geostrategic challenge for the United States, both broadly and then absolutely within the cyber realm.” This may come as a surprise to some readers given the pressing national security concerns in Ukraine and the Middle East, each with their own set of hacking operations by Russia and Iran to deter. But while these digital threats may be most urgent, recent analyses by U.S. government officials suggested that China may be the most important cyber threat at the moment.
The Department of Defence in its report warned that hackers in China—who have targeted U.S. government systems, including within the department—are stealing “sensitive information from the critical defense infrastructure and research institutes.” The Department gave its report to Congress in October 2023 in which it identified three possible motives, describing the attacks as designed for “economic and military advantage and possibly for cyberattack preparations.” In the event of a conflict, China-based hackers have developed tools to attack U.S. critical infrastructure, including the “disruption of a natural gas pipeline for days to weeks,” the department assessed. The department had reviewed China’s military and security activity over the course of 2022.
The challenge of attributing cyberattacks to specific actors like China is not new. Cyber operations often involve sophisticated techniques to conceal the identity of perpetrators, making it difficult to definitively attribute attacks. This attribution challenge underscored the importance of robust cybersecurity capabilities and international collaboration in investigating and addressing cyber threats. The allegations against China regarding cyber espionage underscore the complex and evolving nature of cybersecurity challenges facing the international community. While attribution remains a significant challenge, there is a clear imperative for nations to work together to address cyber threats effectively.