The Mystery of China’s Sudden Warnings About US Hackers

China Flag with Digital Matrix – Innovation Concept – Digital Tech Wallpaper – 3D Illustration | Getty Images

For the better part of a decade, US officials and cybersecurity firms have named and shamed hackers they believe work for the Chinese government. According to security experts, these hackers have stolen terabytes of data from pharmaceutical, video game, and other companies, compromised servers, stripped security protections, and hijacked hacking tools. And as China's alleged hacking has grown more brazen, individual Chinese hackers have faced indictments. But that may be changing.

Since the start of 2022, China's Foreign Ministry and the country's cybersecurity firms have increasingly exposed suspected US cyber espionage. Until now, such allegations were rare. But the disclosures have a catch: they appear to rely on years-old technical details that are already public and contain no fresh information. The move could mark a strategic shift for China as the country strives to cement its position as a tech superpower.

“These are useful materials for China’s tit-for-tat propaganda campaigns when accused and charged by the United States of China’s cyber espionage activities,” said Che Chang, cyber threat analyst at the Taiwan-based cybersecurity company TeamT5.

China’s accusations, as noted by security journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security firm Pangu Lab published allegations that elite hackers from the US National Security Agency’s Equation Group had used a backdoor, dubbed Bvp47, to monitor targets in 45 countries. The Global Times, a tabloid that is part of China’s state-controlled media, published an exclusive report on the research. A few weeks later, on March 14, the newspaper published a second exclusive article on another NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. A week after that, Chinese cybersecurity firm Qihoo 360 alleged that American hackers had attacked Chinese companies and organizations. And on April 19, the Global Times reported on further findings by the National Computer Virus Emergency Response Center regarding HIVE, malware developed by the CIA.

The reports are accompanied by a slew of statements, often in response to questions from the media, by Chinese Foreign Ministry spokespersons. “China is gravely concerned about the US government’s irresponsible malicious cyber activities,” Foreign Ministry spokesman Wang Wenbin said in April after one of the announcements. “We urge the US side to explain themselves and immediately cease these malicious activities.” In the first nine days of May, Foreign Ministry spokespersons commented on US cyber activities at least three times. “You can’t whiten yourself by smearing others,” Zhao Lijian said in one instance.

While state-sponsored cyber activity is usually shrouded in highly classified files, many US-developed hacking tools are no longer secret. In 2017, WikiLeaks published around 9,000 documents in its Vault 7 leaks, which detailed numerous CIA tools. A year earlier, the mysterious Shadow Brokers hacking group stole data from one of the NSA’s elite hacking teams and slowly released it to the world. The Shadow Brokers leaks included dozens of exploits and new zero-days, including the EternalBlue exploit, which has since been used repeatedly in some of the biggest cyberattacks. Many of the details in the Shadow Brokers leaks match NSA details leaked by Edward Snowden in 2013. (An NSA spokesperson said the agency had “no comment” for this story; the NSA generally does not comment on its activities.)
