Explosive cyber front between China and the United States


Last month, the US government published a report highlighting the main software vulnerabilities commonly exploited in 2022. Several of these vulnerabilities have been used by Chinese state-sponsored cyber actors, according to the statement of August 3 published by the American security agencies and their Five Eyes allies, namely Australia, New Zealand, Canada and the United Kingdom.

The Chinese government, meanwhile, accused the American intelligence services of being behind an attack carried out in July 2023 against the Wuhan Earthquake Monitoring Center, citing “very complex” malware used during the incident.

Beijing said the attack appeared to have come from U.S. hackers. It reportedly targeted network equipment that collected seismic data, information that would affect national security. The Chinese authorities suggest that access to this kind of data may allow hackers to estimate the size of underground structures and determine whether they are military bases.

From brazenness to stealth

As these two examples remind us, the cyber front between China and the United States seems particularly hot. “Chinese cyber espionage has evolved a lot,” notes John Hultquist, chief analyst at Google Cloud Mandiant. “They have transformed their capacity, which was dominated by large, noisy campaigns that were much easier to detect,” he continues. “They used to be brazen, today they are clearly focused on stealth.”

“The result is a much more difficult opponent to track and detect,” John Hultquist wrote in a note commenting on Microsoft’s recent security breach. The breach is believed to be the work of China-based cyberattackers dubbed Storm-0558, and would be indicative of skills that have improved significantly in recent years.

According to Google Cloud Mandiant, Chinese cyber-espionage activities increasingly rely on strategies to minimize intrusion detection. These include the use of zero-days (previously unknown vulnerabilities), the targeting of routers, and other methods to hide their traces.

Not very sophisticated attacks

That finding is tempered, however, by Candid Wuest, vice-president of research on cyber protection at Acronis. In his view, while attacks related to China are more numerous, they are generally not sophisticated in nature. He suggests that this simplicity could be because there is little reason to improve their tactics if these attacks continue to be effective.

For example, Chinese actors still practice targeted phishing, a basic technique. Describing Chinese-related attacks as sophisticated could also be a way for Western administrations to make organizations aware of the need for good cyber defense, Mr. Wuest said.

By contrast, he notes, hacking attempts attributed to the American government generally receive little attention. But that is because their attacks are very targeted and affect one or two victims rather than hundreds. They thus often go unnoticed.

However, of the five most active countries on the cyber front (China, Russia, the United States, North Korea and Iran), Washington is undoubtedly the most sophisticated actor, Candid Wuest estimates. He recalls, for example, that the Equation group used a specific encryption algorithm in a series of targeted attacks ten years ago. It has remained unbroken to this day.

Source: ZDNet.com