‘They have the manpower, they are extremely focused … and leverage AI and technology for maximizing their attacks,’ one expert said.
For many years, the U.S. government and many cybersecurity experts have considered China to be the greatest cybersecurity threat.
The Chinese Communist Party (CCP) uses an extensive network of hacker groups to collect intelligence and intellectual property as well as compromise critical systems as part of a hybrid warfare strategy meant to defeat the United States without necessarily engaging in kinetic war, experts say.
Cybersecurity companies have identified close to 200 hacker groups linked to China, most of them classified as Advanced Persistent Threats (APT). Some groups are part of the People’s Liberation Army (PLA), the CCP military. Some are part of the Ministry of State Security (MSS), China’s main intelligence agency. Others work from nominally private companies, usually under MSS control. Still others are freelancers, using their skills both for the CCP’s benefit and for personal gain.
Their real identity is seldom known, and cybersecurity companies usually give them nicknames based on their methods and suspected base of operation. As a result, groups with different names may in fact belong to a single CCP entity, and they may also appear to go inactive if they adopt a new toolkit.
“The danger in dealing with these state-sponsored actors is their almost limitless resources and the willingness to play the long game,” said Bob Erdman, an associate vice president for Research and Development at Fortra, a cybersecurity firm.
“They will spend years collecting information and setting the groundwork for their operations. They also have access to the entire intelligence apparatus, which can provide an excellent source of information but also a framework and infrastructure to carry out these operations.”
Access to China’s internet infrastructure allows for “man-in-the-middle” attacks “to exploit users whose internet traffic happens to transit infrastructure owned or built by China,” he told The Epoch Times in a text message.
Their main target is the United States: not just the U.S. government, but also private companies of strategic interest to the CCP. The list of targeted industries is long, from major military contractors to aerospace and aviation, computer software and hardware developers, telecom, electronics, engineering, mining, shipping, pharmaceutics, energy, and even education.
Some hacker groups have shown keen interest in detecting vulnerabilities in U.S. critical infrastructure including power grids and water supply. And some groups specifically target dissidents and CCP critics overseas.
“To the CCP, cyber is one of many methods of unrestricted war: weakening your enemy from the inside with no rules just short of conventional war,” explained Casey Fleming, a strategic risk and intelligence expert and the CEO of BlackOps Partners.
By Petr Svab