Chinese espionage in the United States

U.S. Department of Justice among others announced 23 criminal charges (Financial Fraud, Money Laundering, Conspiracy to Defraud the United States, Theft of Trade Secret Technology and Sanctions Violations, etc.) against Huawei and its CFO Wanzhou Meng

The United States has often accused the People's Republic of China of attempting to unlawfully acquire U.S. military technology and classified information as well as trade secrets of U.S. companies [1] [2] in order to support China's long-term military and commercial development. [3] Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology (using U.S. law to avoid prosecution), including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. [4] Prominent espionage cases include Larry Wu-tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak, Peter Lee, and Shujun Wang. [5] The Ministry of State Security (MSS) maintains a bureau dedicated to espionage against the United States, the United States Bureau.

In addition to traditional espionage, China partners civilian-in-name Chinese companies with American businesses to acquire technology and economic data [6] and uses cyber spying to penetrate the computer networks of U.S. businesses and government agencies, such as the 2009 Operation Aurora and the 2015 Office of Personnel Management data breach. [7] U.S. law enforcement officials have identified China as the most active foreign power involved in the illegal acquisition of American technology. [8] [9]

During its martial law period (1949–1987) the Republic of China government on Taiwan spied on its citizens abroad, especially in the United States.

Methods

China has used a variety of methods to gather intelligence in the United States. [10] [11] [12] [13] [14] Individuals attempt to obtain targeted information from open sources such as libraries, research institutions and unclassified databases. [10] Chinese travelers are recruited to carry out specific intelligence activities, and China debriefs returnees from exchange programs, trade missions and scientific-cooperation programs. [15] Chinese citizens may be coerced to cooperate. [16]

Much technology acquisition occurs through commerce and commercial regulations. The regulatory and commercial environment in China pressures American and other foreign companies to transfer technology, capital and manufacturing expertise, especially in defense-related or dual-use industries such as computers, to their Chinese partners as part of doing business in China's huge, lucrative markets. [17] [18] Chinese agents purchase high-tech equipment through front organizations in Hong Kong. [15] [17] China also uses state-run firms to purchase American companies with access to the targeted technology. [15]

China also accesses foreign technology through industrial espionage, [17] with U.S. Immigration and Customs Enforcement officials rating China's industrial-espionage and theft operations as the leading threat to U.S. technological security. [19] In 2021, Acting NCSC Director Michael Orlando estimated that China stole between $200 billion and $600 billion worth of American intellectual property every year. [20] Between October 2002 and January 2003 five Chinese businessmen were accused of illegally shipping equipment and trade secrets from California to China, [10] and U.S. officials prevented a Chinese man from shipping a new, high-speed computer used in classified projects (including nuclear-weapons development) from Sandia National Laboratories. [10]

In July 2020, FBI Director Christopher A. Wray called China the "greatest long-term threat" to the United States. He said that "the FBI is now opening a new China-related counterintelligence case every 10 hours. Of the nearly 5,000 active counterintelligence cases currently under way across the country, almost half are related to China." [21] For example, Eric Swalwell, who serves on the House Permanent Select Committee on Intelligence, [22] was in the past targeted by a Chinese woman believed to be a clandestine officer of China's Ministry of State Security. [23] [24] The alleged Chinese spy later participated in fundraising for Swalwell's 2014 congressional election bid and helped place an intern inside Swalwell's congressional office. [25] The FBI gave Swalwell a "defensive briefing" in 2015, informing him that the woman was a suspected Chinese agent. [26]

In 2015, the Obama administration protested to Beijing after discovering that Chinese agents, as part of Operation Fox Hunt, were tracking down Chinese dissidents in the United States to pressure them to return to China for prosecution. [27] In October 2020 FBI Director Christopher Wray said that "when it couldn’t locate a Fox Hunt target, the Chinese government sent an emissary to visit the victim’s family here in the United States. And the message they said to pass on? The target had two options: Return to China promptly or commit suicide. And what happens when Fox Hunt targets do refuse to return to China? Their family members, both here in the United States and in China, have been threatened and coerced; and those back in China have even been arrested for leverage." [28] [29] In July 2021, ProPublica reported that Operation Fox Hunt, nominally focused on economic crimes, was targeting "Tibetans, Hong Kongers, followers of the Falun Gong religious movement and, perhaps most visibly, the Uyghurs". ProPublica reported that a team of Communist Party operatives and police based in Wuhan had been roaming the United States pressuring Chinese immigrant communities, with the spies performing stalking in plain sight and hiring a US-based private investigator. For example, in a 2018 New Jersey court case a former Chinese official living in the U.S. was sued by the Wuhan-based Xinba Construction Group. The expatriate was harassed outside of court and received notes threatening his family. Later he received a video from his family in China imploring him to return with a staged shot implying the video was coerced by the Chinese government according to investigators. [30]

Nuclear espionage

A 1999 United States House of Representatives Select Committee on U.S. National Security and Military and Commercial Concerns with the People's Republic of China report, known as the Cox Report, warned that China has stolen classified information on every thermonuclear warhead in the country's intercontinental ballistic missile arsenal. [31] Information is collected through espionage, reviews of U.S. technical and academic publications and interaction with U.S. scientists. [32] China tasks a large number of individuals to collect small pieces of information (which are collated and analyzed), [32] and individual agents can more easily escape suspicion. U.S. government personnel suspect that China's intelligence-gathering efforts directed towards the development of modern nuclear weapons are focused on the Los Alamos, Lawrence Livermore, Sandia and Oak Ridge National Laboratories. [32] China is known to have stolen classified information on the W-56 Minuteman II ICBM, the W-62 Minuteman III ICBM, the W-70 Lance short-range ballistic missile (SRBM), the W-76 Trident C-4 submarine-launched ballistic missile (SLBM), the W-78 Minuteman III Mark 12A ICBM, the W-87 Peacekeeper ICBM and the W-88 Trident D-5 SLBM and weapon-design concepts and features. [33]

In 2016, the U.S. Justice Department charged China General Nuclear Power Group (CGN) with stealing nuclear secrets from the United States. [34] [35] The Guardian reported: "According to the US Department of Justice, the FBI has discovered evidence that China General Nuclear Power (CGN) has been engaged in a conspiracy to steal US nuclear secrets stretching back almost two decades. Both CGN and one of the corporation’s senior advisers, Szuhsiung Ho, have been charged with conspiring to help the Chinese government develop nuclear material in a manner that is in clear breach of US law." [36]

Cyberwarfare

China conducts political and corporate espionage to access the networks of financial, defense and technology companies and research institutions in the United States. [37] Email attachments attempting to enter the networks of U.S. companies and organizations exploit security weaknesses in software. [37] A recipient opens an email attachment, apparently from a familiar source, containing a program which embeds in the recipient's computer. The remotely controlled program allows an attacker to access the recipient's email, send sensitive documents to specific addresses and turn on such instruments as web cameras or microphones. [37]

Just using cyber means, Chinese government hackers have stolen more of our personal and corporate data than every other nation combined. The harm from the Chinese government’s economic espionage isn’t just that its companies pull ahead based on illegally gotten technology. While they pull ahead, they push our companies and workers behind. And that harm—company failures, job losses—has been building for a decade to the crush that we feel today. It’s harm felt across the country in a whole range of industries.
(Director of the FBI Christopher Wray, Countering Threats Posed by the Chinese Government Inside the U.S., Remarks at Ronald Reagan Presidential Library and Museum, January 21, 2022)

In January 2010, Google reported "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google". [38] According to investigators, the Google cyber-attack targeted the Gmail accounts of Chinese human-rights activists. [38] At least 34 other companies have been attacked, including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical. [37]

In January 2013, The New York Times reported that it was the victim of hacking attempts originating from China during the previous four months after it published an article on Prime Minister Wen Jiabao. According to the newspaper, the "attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations." [39]

Chinese cyber-attacks seem to target strategic industries in which China lags; [37] attacks on defense companies target weapons-systems information, and attacks on technology companies seek source code critical to software applications. [37] Operation Aurora emphasized what senior U.S. government officials have called an increasingly serious cyber threat to critical industries. [37]

On August 6, 2020, U.S. President Donald Trump officially extended restrictions against Chinese-owned apps by signing two executive orders that would ban U.S. residents from doing business with TikTok and WeChat, a popular messaging platform run by Tencent Holdings Ltd. The ban was enacted, citing the security risk of leaving Americans’ personal data exposed. [40] However, on September 28, 2020, the ban was temporarily blocked by a federal judge. [41]

In January 2024, US authorities stated that they disrupted an operation by the Chinese state advanced persistent threat called Volt Typhoon to target US critical infrastructure. [42]

In October 2024, The Washington Post reported that the U.S. federal government formed a multi-agency team to address the 2024 U.S. internet service provider hack, conducted by Salt Typhoon, that affected systems that track federal wiretap requests. [43]

2010–2012 compromise of CIA network

Between 2010 and 2012, intelligence breaches led to Chinese authorities dismantling CIA intelligence networks in the country, killing and arresting a large number of CIA assets within China. [44] A joint CIA/FBI counterintelligence operation, codenamed "Honey Bear", was unable to definitively determine the source of the compromises, though theories include the existence of a mole, cyber-espionage, compromise of Hillary Clinton's illicit classified email server as noted by the intelligence community inspector general, [45] or poor tradecraft. [44] Mark Kelton, then the deputy director of the National Clandestine Service for Counterintelligence, was initially skeptical that a mole was to blame. [44]

In January 2018, a former CIA officer named Jerry Chun Shing Lee [note 1] was arrested at John F. Kennedy International Airport, on suspicion of helping dismantle the CIA's network of informants in China. [48] [49]

Cyber cases

In 2007 the computer security company McAfee alleged that China was actively involved in cyberwarfare, accusing the country of cyber-attacks on India, Germany and the United States; China denied knowledge of these attacks. [citation needed] In September 2007 former senior U.S. information security official Paul Strassmann said that 735,598 computers in the U.S. were "infested with Chinese zombies"; computers infected in this manner can theoretically form a botnet capable of carrying out unsophisticated yet potentially dangerous denial-of-service attacks. [50] A cyber spying network known as GhostNet, using servers primarily based in China, was reported as tapping into the classified documents of government and private organizations in 103 countries (including Tibetan exiles); [51] [52] China denied the claim. [53] [54]

In a July 2021 joint statement with NATO, the EU, and other Western nations, the US accused the Ministry of State Security of perpetrating several cyberattacks, most notably the 2021 Microsoft Exchange Server data breach. [55] [56] [57] [58]

APT 1

In December 2009 and January 2010 a cyberattack, known as Operation Aurora, was launched from China on Google and over 20 other companies. [59] Google said that the attacks originated from China, and it would "review the feasibility" of its business operations in China as a result of the incident. According to Google, at least 20 other companies in a variety of sectors were also targeted by the attacks. According to McAfee, "this is the highest profile attack of its kind that we have seen in recent memory." [60]

In May 2014, a U.S. federal grand jury indicted five Chinese military officers for cyber espionage and stealing trade secrets. [2] It was alleged that the officers hacked into the computers of six U.S. companies to steal information that would provide an economic advantage to Chinese competitors, including Chinese state-owned enterprises. The Chinese government commented that the charges were "made-up", and the indictment would damage trust between the two nations. [61] Although the indictments have been called relatively meaningless, they could limit travel by the officers due to U.S. extradition treaties. [62]

APT 3

In November 2017, the Department of Justice charged three Chinese employees of Guangzhou Bo Yu Information Technology Company Limited with hacking into corporate entities in the United States, including Siemens AG, Moody's Analytics, and Trimble Inc. [63]

APT 10

Since at least 2013, a Chinese espionage group called TEMP.Periscope by FireEye is reported to have been engaged in espionage against maritime-related subjects. [64] FireEye reported that the information targeted was likely of commercial and economic importance. [64]

The People's Liberation Army (PLA) was tied to economic espionage involving the theft of business plans and intellectual property and the infringement of private conversations from Westinghouse Electric and United States Steel Corporation. [65]

Chinese hackers have stolen information on the Patriot missile system, the F-35 Joint Strike Fighter, and the U.S. Navy's new Littoral combat ship. These blueprints of U.S. weapon and control systems were stolen to advance the development of Chinese weaponry. [66]

The protection of the South China Sea is highly important to the U.S. because a Chinese Cyber Unit has already succeeded in an intrusion into the Philippines' government and military networks. Military documents, internal communications, and other sensitive materials related to the dispute were lost due to the cyber invasion. [67]

In January and February 2018, Chinese state cyber actors reportedly stole 614 gigabytes of data from a Naval Undersea Warfare Center-affiliated contractor. [68] The compromised material reportedly included information on a project dubbed "Sea Dragon", as well as United States Navy submarine cryptographic systems and electronic warfare. [68]

The New York Times reported that Russia and China are routinely eavesdropping on calls from an iPhone used by President Donald Trump, with China reportedly attempting to influence the President by identifying and influencing the people Trump is regularly in contact with. [69] [70]

According to the cybersecurity firm Area 1, hackers working for the People's Liberation Army Strategic Support Force compromised the networks of the AFL–CIO in order to gain information on negotiations for the Trans-Pacific Partnership. [71]

As part of a campaign called Cloudhopper, hackers working for the Ministry of State Security compromised the networks of IBM and Hewlett Packard Enterprise, and used that access to compromise those companies' clients. [72] [73] The Cloudhopper attacks began no later than 2014, and included targets in Brazil, Germany, India, Japan, the United Arab Emirates, the United Kingdom, and the United States. [73]

In October 2018, Bloomberg Businessweek published a story which alleged that Supermicro's contractors in China had been compromised by the People's Liberation Army in an operation to implant microchips with hardware backdoors in its servers. The report was widely disputed by the sources and companies who were named therein. [74] [75]

In March 2019, iDefense reported that Chinese hackers had launched cyberattacks on dozens of academic institutions in an attempt to gain information on technology being developed for the United States Navy. [76] Some of the targets included the University of Hawaii, the University of Washington, the Massachusetts Institute of Technology, and Woods Hole Oceanographic Institution. [76] The attacks have been underway since at least April 2017. [76]

Indictments

On May 19, 2014, the United States Department of Justice announced that a federal grand jury had indicted five People's Liberation Army officers for stealing confidential business information and intellectual property from U.S. commercial firms and planting malware on their computers. [1] [2]

In July 2020, the United States Department of Justice charged two Chinese hackers who allegedly targeted intellectual property and confidential business information, including COVID-19 research. The two hackers allegedly worked with the Guangdong State Security Department of the Ministry of State Security. [77]

In July 2021, the Justice Department credited four Chinese nationals (accused of working for the MSS) with a hacking campaign targeting government, academic, and private institutions; the individuals were each charged with one count of conspiracy to commit computer fraud and conspiracy to commit economic espionage. [55] [56] [57] [58]

Aerospace

In an effort to steal the technology to enable Chinese companies to supply the components for the Comac C919 aircraft, the Chinese engaged in both cyber and HUMINT operations. According to a report from cybersecurity firm Crowdstrike and a US Justice Department indictment, from 2010 to 2015 the Chinese cyberthreat actor Turbine Panda, linked to the Ministry of State Security’s Jiangsu Bureau, penetrated a number of the C919's foreign components manufacturers including Ametek, Capstone Turbine, GE Aviation, Honeywell, Safran, and others and stole intellectual property and industrial processes data with the aim of transitioning component manufacturing to Chinese companies. [78] [79] [80] [81] [82] The report stated that the operations involved both cyber intrusion and theft as well as HUMINT operations, in most cases using a piece of code custom written for this industrial espionage operation. [78] [79] [80] [81]

As of 2019, four people have been arrested in the US as a result of investigations into this economic espionage and theft of trade secrets. [81] Yanjun Xu, a senior intelligence officer of the MSS, was arrested in Belgium and extradited to the US and is alleged to have been involved in recruiting company insiders at multiple aerospace and aviation companies like GE Aviation to gain knowledge about technologies including those involving the use of composite materials in jet engine turbine blades. [83] [84] [82]

Higher education

In September 2020, it was reported that the U.S. State Department cancelled the visas of 1,000 Chinese students and researchers. The authorities claimed that the students had ties to the People's Liberation Army and also accused some of them of conducting espionage. The U.S. began revoking these visas on June 1, 2020. [85]

In December 2020, Axios reported an investigation into the case of a suspected Chinese spy who was enrolled as a student at a Bay Area university. The suspected intelligence operative, known as Christine Fang, developed extensive ties with politicians at local and national levels between 2011 and 2015, including U.S. representative for California's 15th congressional district Eric Swalwell. She was reportedly having sexual or romantic relationships with at least two mayors in the Midwest, according to a former elected official and a U.S. intelligence official. [86] [87]

In January 2020, the U.S. Department of Justice arrested Charles Lieber, Chair of the Department of Chemistry and Chemical Biology at Harvard University. Dr. Lieber was also the Principal Investigator of the Lieber Research Group at Harvard University, giving him direct access to information on nanoscience. The grants he received to oversee this work required him to disclose any foreign financial transactions. In 2011, Dr. Lieber was granted the title of "Strategic Scientist" at the Wuhan University of Technology. He received this role under China's Thousand Talents Program, which seeks to bring the expertise of prominent scientists to China and has been accused of stealing foreign information. He was required to work for the Wuhan lab for at least 9 months out of the year, and he got paid $50,000 per month. Dr. Lieber failed to inform the relevant institutions of his role, and he outright lied about his involvement in the program in 2018 and 2019. [88]

Republic of China (Taiwan) espionage in the United States

During its period of martial law on Taiwan (1949–1987) the Kuomintang (KMT) government of the Republic of China surveilled Taiwanese abroad, most often in Japan and in the United States. [89] :2 The United States Federal Bureau of Investigation often cooperated with or allowed the KMT to surveil Taiwanese students and other Taiwanese migrants in the United States. [89] :15

From 1964 to 1991, there were scores of reported instances of the KMT spying on Taiwanese students across twenty-one different U.S. college campuses. [89] :5 Student informants to the KMT were part of a surveillance infrastructure called the caihong (rainbow) project, named as a play-on-words related to stamping out Red communist bandits. [89] :5 According to academic Wendy Cheng, the KMT's likely first arrest of a U.S. student based on surveillance conducted in the U.S. was that of University of Wisconsin graduate student Hwang Chii-ming. [89] :85

In 1968, recent East-West Center student Chen Yu-Hsi was arrested by the KMT government based on its surveillance of Chen in the United States. [89] :101–102 The Taiwan Garrison Command alleged that Chen had read communist literature including works by Mao Zedong while at the East-West Center library. [89] :103 Chen was convicted of sedition at a July 1968 trial and sentenced to seven years of imprisonment. [89] :104 Chen was released in 1971 after receiving amnesty. [89] :104

According to a 1979 report by the United States Senate Foreign Relations Committee, the Taiwan government operated one of the two most active anti-dissident networks within the United States, with agents infiltrated within universities and campus organizations and large-scale propaganda campaigns implemented through front organizations. [89] :7

In 1981, Carnegie Mellon professor Chen Wen-chen was murdered while in KMT custody. [89] :39

The KMT ordered the 1984 assassination of U.S. citizen Henry Liu in California. [89] :23

Notes

  1. Alternatively known as Zhen Cheng Li. [46] [47]

Related Research Articles

<span class="mw-page-title-main">Industrial espionage</span> Use of espionage for commercial purposes rather than security

Industrial espionage, also known as economic espionage, corporate spying, or corporate espionage, is a form of espionage conducted for commercial purposes instead of purely national security.

<span class="mw-page-title-main">Ministry of State Security (China)</span> Civilian intelligence agency of the Peoples Republic of China

The Ministry of State Security is the principal civilian intelligence, security and secret police agency of the People's Republic of China, responsible for foreign intelligence, counterintelligence, and the political security of the Chinese Communist Party (CCP). One of the largest and most secretive intelligence organizations in the world, it is headquartered in the Haidian District of Beijing, with powerful semi-autonomous branches at the provincial, city, municipality and township levels throughout China.

The Government of China is engaged in espionage overseas, directed through diverse methods via the Ministry of State Security (MSS), the Ministry of Public Security (MPS), the United Front Work Department (UFWD), People's Liberation Army (PLA) via its Intelligence Bureau of the Joint Staff Department, and numerous front organizations and state-owned enterprises. It employs a variety of tactics including cyber espionage to gain access to sensitive information remotely, signals intelligence, human intelligence as well as influence operations through united front activity targeting overseas Chinese communities and associations. The Chinese government is also engaged in industrial espionage aimed at gathering information and technology to bolster its economy, as well as transnational repression of dissidents abroad such as supporters of the Tibetan independence movement and Uyghurs as well as the Taiwan independence movement, the Hong Kong independence movement, Falun Gong, pro-democracy activists, and other critics of the Chinese Communist Party (CCP). The United States alleges that the degree of intelligence activity is unprecedented in its assertiveness and engagement in multiple host countries, particularly the United States, with economic damages estimated to run into the hundreds of billions according to the Center for Strategic and International Studies.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

GhostNet is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spies undetected. Its command and control infrastructure is based mainly in the People's Republic of China and GhostNet has infiltrated high-value political, economic and media locations in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. First disclosed publicly by Google on January 12, 2010, by a weblog post, the attacks began in mid-2009 and continued through December 2009.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Russian espionage in the United States has occurred since at least the Cold War, and likely well before. According to the United States government, by 2007 it had reached Cold War levels.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

<span class="mw-page-title-main">PLA Unit 61398</span> Chinese advanced persistent threat unit

PLA Unit 61398 is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai, and has been cited by US intelligence agencies since 2002.

Mandiant, Inc. is an American cybersecurity firm and a subsidiary of Google. Mandiant received attention in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion, who eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021.

Tailored Access Operations: Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

PLA Unit 61486 is a People's Liberation Army unit dedicated to cyberattacks on American, Japanese, and European corporations focused on satellite and communications technology. It is a unit that takes part in China's campaign to steal trade and military secrets from foreign targets.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and were able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, and UNC2452, with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

DarkMatter Group is a computer security company founded in the United Arab Emirates (UAE) in 2014 or 2015. The company has described itself as purely defensive; however, in 2016 it became a contractor for Project Raven, to help the UAE surveil other governments, militants, and human rights activists. It has employed former U.S. intelligence operatives and graduates of the Israel Defense Force technology units.

Double Dragon is a hacking organization with alleged ties to the Chinese Ministry of State Security (MSS). Classified as an advanced persistent threat, the organization was named by the United States Department of Justice in September 2020 in relation to charges brought against five Chinese and two Malaysian nationals for allegedly compromising more than 100 companies around the world.

China is regularly accused by the United States and several other nations of state-organized economic espionage and theft of intellectual property, in violation of international trade agreements. The espionage and theft are not limited to business, but also include academia and government. The Ministry of State Security (MSS), united front groups, and their affiliates have been reported as frequent perpetrators of such theft.
