For the better part of a decade, US officials and cybersecurity firms have named and shamed hackers who they believe are working for the Chinese government. These hackers have stolen terabytes of data from companies such as drug companies and video game companies, compromised servers, stripped protections and hijacked hacking tools, according to security experts. And as China’s alleged hacking has become more brutal, individual Chinese hackers are being sued. However, things can change.
Since the beginning of 2022, China’s Ministry of Foreign Affairs and the country’s cybersecurity firms have been increasingly calling for alleged US cyber espionage. Until now, these allegations were a rarity. But the revelations have a catch: They seem to rely on years of technical details, which are already publicly known and contain no new information. The move could represent a strategic shift for China as the country struggles to cement its position as a tech superpower.
“This is useful material for China’s top-of-the-line propaganda campaigns as they faced US allegations and indictments of China’s cyberespionage activities,” said Che Chang, a cyberthreat analyst at Taiwan-based cybersecurity firm TeamT5.
China’s allegations, noted by security journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security firm Pangu Lab released allegations that the US National Security Agency’s elite Equation Group hackers used a backdoor called Bvp47 to control 45 countries. The Global Times, a tabloid newspaper that is part of the state-controlled Chinese media, published an exclusive report on the investigation. Weeks later, on March 14, the newspaper ran a second exclusive story about another NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity company Qihoo 360 claimed that US hackers had attacked Chinese companies and organizations. And on April 19, the Global Times reported on further findings from the National Computer Virus Emergency Response Center about HIVE, malware developed by the CIA.
The reports are accompanied by a flurry of statements – often in response to media inquiries – from spokesmen for China’s foreign ministry. “China is deeply concerned about the irresponsible malicious cyber activities of the US government,” State Department spokesman Wang Wenbin said in April after one of the announcements. “We urge the US to explain itself and immediately stop such malicious activity.” In the first nine days of May, State Department spokesmen commented on U.S. cyber activities at least three times. “You can’t whitewash yourself by smearing others,” Zhao Lijian said in one case.
While cyber activities of state actors are often packaged in highly classified files, many US-developed hacking tools are no longer secret. In 2017, WikiLeaks published 9,000 documents in the Vault7 leaks, detailing many of the CIA’s tools. A year earlier, the mysterious Shadow Brokers hacking group stole data from one of the NSA’s elite hacking teams and slowly trickled the data into the world. The Shadow Brokers leaks include dozens of exploits and new zero-days, including the Eternal Blue hacking tool, which has since been used repeatedly in some of the biggest cyber-attacks. Many of the details in the Shadow Brokers leaks match details about NSA disclosed by Edward Snowden in 2013 (An NSA spokesperson said it has “no comment” on this story; the agency routinely does not comment on its activities. .)