Cyberwarfare by China

Last updated

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

Contents

Background

These paragraphs are an excerpt from Cyberwarfare.[ edit ]

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. [1] Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists. [2] One view is that the term is a misnomer since no cyber attacks to date could be described as a war. [3] An alternative view is that it is a suitable label for cyber attacks which cause physical damage to people and objects in the real world. [4]

Many countries, including the United States, United Kingdom, Russia, China, Israel, Iran, and North Korea, [5] [6] [7] [8] have active cyber capabilities for offensive and defensive operations. As states explore the use of cyber operations and combine capabilities, the likelihood of physical confrontation and violence playing out as a result of, or part of, a cyber operation is increased. However, meeting the scale and protracted nature of war is unlikely, thus ambiguity remains. [9]

Organization

While some details remain unconfirmed, it is understood that China organizes its resources as follows:

In response to claims that Chinese universities, businesses, and politicians have been subject to cyber espionage by the United States National Security Agency since 2009, [11] [12] the PLA announced a cyber security squad in May 2011 to defend their own networks. [13]

Since Xi Jinping became General Secretary of the Chinese Communist Party in 2012, the Ministry of State Security (MSS) gained more responsibility over cyberespionage compared with the People's Liberation Army, and currently oversees various advanced persistent threats. [14] According to security researcher Timo Steffens, advanced persistent threat (APT) groups in China leverage skills from private as well as public institutions and individuals, including smaller companies and hackers that take on government contracts. [15]

In 2017, Foreign Policy estimated China's "hacker army" personnel at between 50,000 and 100,000 individuals. [16]

This section is an excerpt from Advanced persistent threat § China.[ edit ]

Accusations of espionage and cyber-attacks

Australia

In May 2013, ABC News claimed that the Chinese government stole blueprints to the headquarters of the Australian Security Intelligence Organisation (ASIO). [46] In May 2023, Australia, alongside other Five Eyes member states, identified the Chinese government behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. [47] In July 2024, government agencies from eight nations, including the Australian Signals Directorate, released a joint advisory on APT40. [48] [49]

Canada

Officials in the Canadian government claimed that Chinese hackers compromised several departments within the federal government in early 2011, though the Chinese government has denied involvement. [50] In 2014, Canada's Chief Information Officer claimed that Chinese hackers compromised computer systems within the National Research Council. [51] In May 2023, Canada's Communications Security Establishment identified the Chinese government as being behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. [52] In July 2024, government agencies from eight nations, including the Canadian Centre for Cyber Security, released a joint advisory on APT40. [48] [49]

Germany

In July 2024, government agencies from eight nations, including Germany's Federal Intelligence Service and Federal Office for the Protection of the Constitution, released a joint advisory on APT40. [48] [49]

India

Officials in the Indian government believe that attacks on Indian government networks, such as the attack on the Indian National Security Council, have originated from China. According to the Indian government, Chinese hackers are experts in operating botnets, of which were used in these attacks. [53] Additionally, other instances of Chinese cyberattacks against India's cyberspace have been reported in multitude. [54] [55]

Japan

In April 2021, Japan claimed that the Chinese military ordered cyberattacks on about 200 Japanese companies and research institutes, including JAXA. [56] In July 2024, government agencies from eight nations, including Japan's National Police Agency, released a joint advisory on APT40. [48] [49]

The Netherlands

In 2024, the Dutch Military Intelligence and Security Service and the General Intelligence and Security Service stated that Chinese state hackers penetrated a Dutch military network the prior year. [57]

New Zealand

In May 2023, New Zealand, alongside other Five Eyes member states, named the Chinese government as being behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. [58] In March 2024, the Government Communications Security Bureau and New Zealand Government accused the Chinese government via APT40 of breaching its parliamentary network in 2021. [59] In July 2024, government agencies from eight nations, including the New Zealand National Cyber Security Centre, released a joint advisory on APT40. [48] [49]

South Korea

In July 2024, government agencies from eight nations, including South Korea's National Intelligence Service, released a joint advisory on APT40. [48] [49]

United States

The United States has accused China of cyberwarfare attacks that targeted the networks of important American military, commercial, research, and industrial organizations. A Congressional advisory group has declared China "the single greatest risk to the security of American technologies" [60] and "there has been a marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer systems". [60] [61] [62] [63] China's cyberwarfare has expanded from cyber-espionage to "pre-positioning" activity for the sabotage and crippling of critical infrastructure. [64]

In January 2010, Google reported targeted attacks on its corporate infrastructure originating from China "that resulted in the theft of intellectual property from Google." Gmail accounts belonging to two human rights activists were compromised in an attack on Google's password system. [65] Chinese hackers also gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government. [66] American security experts connected the Google attack to various other political and corporate espionage efforts originating from China, which included spying against military, commercial, research, and industrial corporations. [63] Obama administration officials called the cyberattacks "an increasingly serious cyber threat to US critical industries." [61]

In addition to Google, at least 34 other companies have been attacked. Reported cases include Northrop Grumman, Symantec, Yahoo, Dow Chemical, and Adobe Systems. [67] Cyber-espionage has been aimed at both commercial and military interests. [68]

Diplomatic cables highlight US concerns that China is exploiting its access to Microsoft source code to boost its offensive and defensive capabilities. [69]

A number of private computer security firms have stated that they have growing evidence of cyber-espionage efforts originating from China, including the "Comment Group". [70]

China has denied accusations of cyberwarfare, [71] and has accused the United States of engaging in cyber-warfare against it, accusations which the United States denies. [72] [73] [74] [75] [76]

In 2011, a Chinese state TV program displayed outdated screenshots of a Chinese military institute performing cyber attacks on a US-based dissident entity. [77] The direct visual evidence from an official Chinese source challenges China's claims that it never engages in overseas hacking for government purposes. [77]

During March 2013, high-level discussions continued. [78]

In May 2014, a federal grand jury in the United States indicted five PLA Unit 61398 officers on charges of theft of confidential business information from U.S. commercial firms and planting malware on their computers. [79] [80]

In September 2014, a Senate Armed Services Committee probe revealed hackers associated with the Chinese government committing various intrusions of computer systems belonging to U.S. airlines, technology companies and other contractors involved with the movement of U.S. troops and military equipment, [81] and in October 2014, The FBI added that hackers, who they believe to be backed by the Chinese government, have recently launched attacks on U.S. companies. [82]

In 2015, the U.S. Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as 21.5 million people. [83] The Washington Post reported that the attack came from China, citing unnamed government officials. [84] FBI director James Comey explained "it is a very big deal from a national security perspective and a counterintelligence perspective. It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government." [85]

In October 2018, Bloomberg Businessweek published a report, citing unnamed corporate and governmental sources, which claimed that the PLA had forced Supermicro's Chinese sub-contractors to add microchips with hardware backdoors to its servers. The report claimed that the compromised servers had been sold to U.S. government divisions (including the CIA and Department of Defense) and contractors and at least 30 commercial clients. [86]

In 2019, a study showed continued attacks on the US Navy and its industrial partners. [87]

In February 2020, a US federal grand jury charged four members of China's People's Liberation Army (PLA) with the 2017 Equifax hack. [88] The official account of FBI stated on Twitter that they played a role in "one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded". [89]

The Voice of America reported in April 2020 that "U.S. intelligence agencies concluded the Chinese hackers meddled in both the 2016 and 2018 elections" and said "there have already been signs that China-allied hackers have engaged in so-called "spear-phishing" attacks on American political targets" ahead of the 2020 United States elections. [90]

In March 2021, United States intelligence community released analysis in finding that China had considered interfering with the election but decided against it on concerns it would fail or backfire. [91]

In April 2021, FireEye said that suspected Chinese hackers used a zero-day attack against Pulse Connect Secure devices, a VPN device, in order to spy on dozens of government, defense industry and financial targets in the U.S. and Europe. [92] [93] [94] [95]

In May 2023, Microsoft and Western intelligence agencies reported that a Chinese state-sponsored hacking group affiliated with the PLA called "Volt Typhoon" had targeted critical infrastructure and military installations in Guam, Hawaii, Texas and elsewhere. [96] [97] [98] In January 2024, US authorities stated that they disrupted an operation by Volt Typhoon that had access to critical infrastructure in the US for at least five years. [99] [100]

In February 2024, OpenAI announced that it had shut down accounts used by the Charcoal Typhoon and Salmon Typhoon hacking groups. The groups had been using their services to research companies, intelligence agencies, cybersecurity tools and evasion techniques, translate technical papers, write and refactor code, and create phishing campaign content. [101] [102] The same month, leaked documents from an MSS, PLA, and MPS contractor based in Shanghai called I-Soon, also known as Auxun, provided details into a campaign to harass dissidents, activists, critical academics, and Uyghurs overseas. [103] [104] [105]

In July 2024, government agencies from eight nations, including the National Security Agency and Cybersecurity and Infrastructure Security Agency, released a joint advisory on APT40. [48] [49] In September 2024, FBI director Christopher A. Wray announced that Chinese state hacking campaign known as Flax Typhoon, which targeted critical infrastructure, had been disrupted. [106] [107] In November 2024, Texas governor Greg Abbott ordered state agencies to harden critical infrastructure from cyberattacks from threats emanating from the PRC. [108]

Taiwan

Comparing the semiconductor industry in China mainland and Taiwan today, Taiwan is the leader in terms of overall competitiveness. On 6 August 2020, Wired published a report, stating that "Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry." [109]

Ukraine

In April 2022, The Times reported that days prior to the start of the 2022 Russian invasion of Ukraine, a cyberwarfare unit of the People's Liberation Army launched cyberattacks against hundreds of Ukrainian government sites, according to officials of the Security Service of Ukraine. [110] [111]

United Kingdom

In May 2023, the UK's National Cyber Security Centre, alongside other Five Eyes member states, identified the Chinese government behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. [47] [112]

In March 2024, the UK government and the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) jointly sanctioned a Chinese MSS front company called Wuhan Xiaoruizhi Science and Technology and affiliated individuals for breaching the Electoral Commission and placing malware in critical infrastructure. [113] [114]

In July 2024, government agencies from eight nations, including the UK's National Cyber Security Centre, released a joint advisory on APT40. [48] [49]

The Vatican

In July 2020, it was reported that Chinese state-sponsored hackers operating under the named RedDelta hacked the Vatican's computer network ahead of negotiations between China and the Vatican. [115]

IP hijacking

During 18 minutes on April 8, 2010, state-owned China Telecom advertised erroneous network routes that instructed "massive volumes" of U.S. and other foreign Internet traffic to go through Chinese servers. A US Defense Department spokesman told reporters that he did not know if "we've determined whether that particular incident ... was done with some malicious intent or not" and China Telecom denied the charge that it "hijacked" U.S. Internet traffic. [116]

See also

Related Research Articles

The Government of China is engaged in espionage overseas, directed through diverse methods via the Ministry of State Security (MSS), the Ministry of Public Security (MPS), the United Front Work Department (UFWD), People's Liberation Army (PLA) via its Intelligence Bureau of the Joint Staff Department, and numerous front organizations and state-owned enterprises. It employs a variety of tactics including cyber espionage to gain access to sensitive information remotely, signals intelligence, human intelligence as well as influence operations through united front activity targeting overseas Chinese communities and associations. The Chinese government is also engaged in industrial espionage aimed at gathering information and technology to bolster its economy, as well as transnational repression of dissidents abroad such as supporters of the Tibetan independence movement and Uyghurs as well as the Taiwan independence movement, the Hong Kong independence movement, Falun Gong, pro-democracy activists, and other critics of the Chinese Communist Party (CCP). The United States alleges that the degree of intelligence activity is unprecedented in its assertiveness and engagement in multiple host countries, particularly the United States, with economic damages estimated to run into the hundreds of billions according to the Center for Strategic and International Studies.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a state

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

<span class="mw-page-title-main">Chinese espionage in the United States</span>

The United States has often accused the People's Republic of China of attempting to unlawfully acquire U.S. military technology and classified information as well as trade secrets of U.S. companies in order to support China's long-term military and commercial development. Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. Prominent espionage cases include Larry Wu-tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak, Peter Lee, and Shujun Wang. The Ministry of State Security (MSS) maintains a bureau dedicated to espionage against the United States, the United States Bureau.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and offensive power projection thanks to comparatively advanced technology and a large military budget. Cyberwarfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Mandiant, Inc. is an American cybersecurity firm and a subsidiary of Google. Mandiant received attention in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion, who eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021.

Cyberwarfare is a part of the Iranian government's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field. Since November 2010, an organization called "The Cyber Defense Command" has been operating in Iran under the supervision of the country's "Passive Civil Defense Organization" which is itself a subdivision of the Joint Staff of Iranian Armed Forces.

Cozy Bear is a Russian advanced persistent threat hacker group believed to be associated with Russian foreign intelligence by United States intelligence agencies and those of allied countries. Dutch signals intelligence (AIVD) and American intelligence had been monitoring the group since 2014 and was able to link the hacker group to the Russian foreign intelligence agency (SVR) after compromising security cameras in their office. CrowdStrike and Estonian intelligence reported a tentative link to the Russian domestic/foreign intelligence agency (FSB). Various groups designate it CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452 with a tentative connection to Russian hacker group YTTRIUM. Symantec reported that Cozy Bear had been compromising diplomatic organizations and national governments since at least 2010. Der Spiegel published documents in 2023 purporting to link Russian IT firm NTC Vulkan to Cozy Bear operations.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">Russo-Ukrainian cyberwarfare</span> Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

Double Dragon is a hacking organization with alleged ties to the Chinese Ministry of State Security (MSS). Classified as an advanced persistent threat, the organization was named by the United States Department of Justice in September 2020 in relation to charges brought against five Chinese and two Malaysian nationals for allegedly compromising more than 100 companies around the world.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include APT44, Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

Hafnium is a cyber espionage group, sometimes known as an advanced persistent threat, with alleged ties to the Chinese government. Hafnium is closely connected to APT40.

APT40, also known as BRONZE MOHAWK, FEVERDREAM, G0065, GADOLINIUM, Gingham Typhoon, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper, is an advanced persistent threat operated by the Hainan State Security Department, a branch of the Chinese Ministry of State Security located in Haikou, Hainan, China, and has been active since at least 2009.

A cyberattack is any unauthorized effort against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.

Salt Typhoon, is an advanced persistent threat actor that is reported to be operated by the Chinese government to conduct cyberespionage campaigns against targets in North America and Southeast Asia. Active since 2020, the group engages in widespread data theft, particularly capturing network traffic. Former NSA analyst Terry Dunlap has called the group "another component of China's 100-Year Strategy." According to former CISA director Chris Krebs and other U.S. officials, the group is affiliated with China's Ministry of State Security.

References

  1. Singer, P. W.; Friedman, Allan (March 2014). Cybersecurity and cyberwar : what everyone needs to know. Oxford. ISBN   9780199918096. OCLC   802324804.{{cite book}}: CS1 maint: location missing publisher (link)
  2. "Cyberwar – does it exist?". NATO. June 13, 2019. Retrieved May 10, 2019.
  3. Smith, Troy E. (2013). "Cyber Warfare: A Misrepresentation of the True Cyber Threat". American Intelligence Journal. 31 (1): 82–85. ISSN   0883-072X. JSTOR   26202046.
  4. Lucas, George (2017). Ethics and Cyber Warfare: The Quest for Responsible Security in the Age of Digital Warfare. Oxford. p. 6. ISBN   9780190276522.{{cite book}}: CS1 maint: location missing publisher (link)
  5. "Advanced Persistent Threat Groups". FireEye. Retrieved May 10, 2019.
  6. "APT trends report Q1 2019". securelist.com. April 30, 2019. Retrieved May 10, 2019.
  7. "GCHQ". www.gchq.gov.uk. Retrieved May 10, 2019.
  8. "Who are the cyberwar superpowers?". World Economic Forum. May 4, 2016. Retrieved June 24, 2021.
  9. Cyber warfare : a multidisciplinary analysis. Green, James A., 1981–. London. November 7, 2016. ISBN   9780415787079. OCLC   980939904.{{cite book}}: CS1 maint: location missing publisher (link) CS1 maint: others (link)
  10. Beijing, Simon Elegant (November 18, 2009). "Cyberwarfare: The Issue China Won't Touch". Time . Retrieved October 7, 2024.
  11. Chan, Kelvin (June 13, 2013). "Leaker Snowden alleges NSA hacking on China, world". Phys.org . Associated Press. Archived from the original on November 25, 2020. Retrieved July 14, 2024.
  12. "Snowden says U.S. hacking targets China; NSA points to thwarted attacks". The Japan Times . June 14, 2013. Archived from the original on June 15, 2013. Retrieved June 13, 2013.
  13. Beech, Hannah (May 27, 2011). "Meet China's Newest Soldiers: An Online Blue Army". Time . ISSN   0040-781X. Archived from the original on September 27, 2024. Retrieved October 7, 2024.
  14. Mozur, Paul; Buckley, Chris (August 26, 2021). "Spies for Hire: China's New Breed of Hackers Blends Espionage and Entrepreneurship". The New York Times . ISSN   0362-4331. Archived from the original on August 27, 2021. Retrieved August 27, 2021.
  15. Stone, Jeff (October 5, 2020). "Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic". cyberscoop.com. Cyberscoop. Archived from the original on March 22, 2021. Retrieved October 11, 2020. In China not all of these companies are 'front companies' in the strict sense that they were established by intelligence agencies to hide their involvement. The APT landscape in China is run in a 'whole country' approach, leveraging skills from universities, individual, and private and public sectors. So some of the smaller companies might just be a way for individual hackers to band together and be eligible for government contracts.
  16. Hvistendahl, Mara (October 7, 2024). "China's Hacker Army". Foreign Policy . Archived from the original on March 9, 2017. Retrieved October 7, 2024.
  17. "Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak". Symantec. May 7, 2019. Archived from the original on May 7, 2019. Retrieved July 23, 2019.
  18. "APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic" (PDF). FireEye . May 2015. Archived (PDF) from the original on November 24, 2023. Retrieved January 21, 2024.
  19. "China-Based Threat Actors" (PDF). U.S. Department of Health and Human Services Office of Information Security. August 16, 2023. Archived (PDF) from the original on December 29, 2023. Retrieved April 29, 2024.
  20. van Dantzig, Maarten; Schamper, Erik (December 19, 2019). "Wocao APT20" (PDF). fox-it.com. NCC Group. Archived from the original (PDF) on March 22, 2021. Retrieved December 23, 2019.
  21. Vijayan, Jai (December 19, 2019). "China-Based Cyber Espionage Group Targeting Orgs in 10 Countries". www.darkreading.com. Dark Reading. Archived from the original on May 7, 2021. Retrieved January 12, 2020.
  22. Barth, Bradley (March 16, 2016). "'Suckfly' in the ointment: Chinese APT group steals code-signing certificates". SC Media. Archived from the original on September 24, 2024. Retrieved September 24, 2024.
  23. "Building China's Comac C919 airplane involved a lot of hacking, report says". ZDNET. Archived from the original on November 15, 2019. Retrieved September 24, 2024.
  24. Lyngaas, Sean (August 10, 2021). "Chinese hackers posed as Iranians to breach Israeli targets, FireEye says". www.cyberscoop.com. Archived from the original on November 29, 2023. Retrieved August 15, 2021.
  25. Lyngaas, Sean (February 12, 2019). "Right country, wrong group? Researchers say it wasn't APT10 that hacked Norwegian software firm". www.cyberscoop.com. Cyberscoop. Archived from the original on May 7, 2021. Retrieved October 16, 2020.
  26. Lyngaas, Sean (October 16, 2020). "Google offers details on Chinese hacking group that targeted Biden campaign". Cyberscoop. Archived from the original on May 7, 2021. Retrieved October 16, 2020.
  27. "How Microsoft names threat actors". Microsoft. January 16, 2024. Archived from the original on July 10, 2024. Retrieved January 21, 2024.
  28. "Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure". U.S. Department of the Treasury . March 19, 2024. Archived from the original on March 25, 2024. Retrieved March 25, 2024.
  29. "Double Dragon APT41, a dual espionage and cyber crime operation". FireEye . October 16, 2019. Archived from the original on May 7, 2021. Retrieved April 14, 2020.
  30. "Bureau names ransomware culprits". Taipei Times . May 17, 2020. Archived from the original on March 22, 2021. Retrieved May 22, 2020.
  31. Greenberg, Andy (August 6, 2020). "Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry". Wired . ISSN   1059-1028. Archived from the original on March 22, 2021. Retrieved July 14, 2024.
  32. Sabin, Sam (October 26, 2022). "New pro-China disinformation campaign targets 2022 elections: Report". Axios . Archived from the original on October 26, 2022. Retrieved October 27, 2022.
  33. Milmo, Dan (April 5, 2024). "China will use AI to disrupt elections in the US, South Korea and India, Microsoft warns". The Guardian . ISSN   0261-3077. Archived from the original on May 25, 2024. Retrieved April 7, 2024.
  34. Naraine, Ryan (March 2, 2021). "Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group". securityweek.com. Wired Business Media. Archived from the original on July 6, 2023. Retrieved March 3, 2021.
  35. Burt, Tom (March 2, 2021). "New nation-state cyberattacks". blogs.microsoft.com. Microsoft. Archived from the original on March 2, 2021. Retrieved March 3, 2021.
  36. Nichols, Shaun (October 20, 2021). "'LightBasin' hackers spent 5 years hiding on telco networks". TechTarget . Archived from the original on November 29, 2023. Retrieved April 8, 2022.
  37. Ilascu, Ionut (October 19, 2021). "LightBasin hacking group breaches 13 global telecoms in two years". Bleeping Computer . Archived from the original on July 24, 2023. Retrieved April 8, 2022.
  38. Cimpanu, Catalin. "Hackers target the air-gapped networks of the Taiwanese and Philippine military". ZDnet . Archived from the original on March 22, 2021. Retrieved May 16, 2020.
  39. Intelligence, Microsoft Threat (May 24, 2023). "Volt Typhoon targets US critical infrastructure with living-off-the-land techniques". Microsoft Security Blog. Archived from the original on January 17, 2024. Retrieved May 26, 2023.
  40. Tucker, Eric (September 18, 2024). "FBI disrupts Chinese cyber operation targeting critical infrastructure in the US". Associated Press . Archived from the original on September 24, 2024. Retrieved September 18, 2024.
  41. 1 2 "Disrupting malicious uses of AI by state-affiliated threat actors". February 14, 2024. Archived from the original on February 16, 2024. Retrieved February 16, 2024.
  42. 1 2 "Staying ahead of threat actors in the age of AI". Microsoft . February 14, 2024. Archived from the original on February 16, 2024. Retrieved February 16, 2024.
  43. Krouse, Sarah; McMillan, Robert; Volz, Dustin (September 25, 2024). "China-Linked Hackers Breach U.S. Internet Providers in New 'Salt Typhoon' Cyberattack" . The Wall Street Journal . Retrieved September 25, 2024.
  44. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (October 5, 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack" . The Wall Street Journal . Archived from the original on October 5, 2024. Retrieved October 5, 2024.
  45. Sabin, Sam (November 19, 2024). "New China-linked telco attackers". Axios . Retrieved November 19, 2024.
  46. "George Brandis briefed by ASIO on claims China stole classified blueprints of Canberra headquarters". ABC News . May 29, 2013. Archived from the original on May 30, 2013. Retrieved May 29, 2013.
  47. 1 2 Evans, Jake (May 24, 2023). "Australia joins intelligence partners to blame China for US infrastructure cyber attack". ABC News . Archived from the original on January 12, 2024. Retrieved January 12, 2024.
  48. 1 2 3 4 5 6 7 8 Cherney, Mike (July 9, 2024). "U.S., Allies Issue Rare Warning on Chinese Hacking Group" . The Wall Street Journal . Archived from the original on July 9, 2024. Retrieved July 9, 2024.
  49. 1 2 3 4 5 6 7 8 "Australia accuses China of cyber espionage". Voice of America . July 10, 2024. Archived from the original on July 10, 2024. Retrieved July 10, 2024.
  50. "Foreign hackers attack Canadian government". CBC News . February 16, 2011. Archived from the original on February 18, 2011. Retrieved February 17, 2011.
  51. "Chinese cyberattack hits Canada's National Research Council". CBC News . July 29, 2014. Archived from the original on July 29, 2014. Retrieved July 29, 2014.
  52. Boynton, Sean (May 24, 2023). "A Chinese cyber espionage operation is hitting U.S. infrastructure, West warns". Global News . Archived from the original on January 12, 2024. Retrieved January 12, 2024.
  53. "China mounts cyber attacks on Indian sites". The Times of India . India. May 5, 2008. Archived from the original on August 26, 2011. Retrieved October 25, 2010.
  54. "'നിശബ്ദ യുദ്ധ'ത്തിന് പിന്നിൽ ചൈന; ടാർഗറ്റ് ഇന്ത്യയും അമേരിക്കയും". ManoramaOnline. Archived from the original on June 6, 2018. Retrieved June 6, 2018.
  55. Rising, David (April 7, 2022). "Chinese hackers reportedly target India's power grid". Associated Press . Archived from the original on April 10, 2022. Retrieved April 10, 2022.
  56. "Chinese military seen behind Japan cyberattacks". The Japan Times. April 20, 2021. Archived from the original on April 23, 2021. Retrieved April 23, 2021.
  57. "Chinese spies hacked Dutch defence network last year - intelligence agencies". Reuters . February 6, 2024. Retrieved February 6, 2024.
  58. Ensor, Jamie (May 25, 2023). "New Zealand, Five Eyes issue alert warning of China state actor engaging in 'malicious cyber activity'". Newshub . Archived from the original on January 12, 2024. Retrieved January 12, 2024.
  59. Pearse, Adam (March 26, 2024). "Parliament systems targeted by China-based hackers". The New Zealand Herald . Archived from the original on March 26, 2024. Retrieved March 28, 2024.
  60. 1 2 Claburn, Thomas. "China Cyber Espionage Threatens U.S., Report Says". InformationWeek . Archived from the original on February 27, 2010. Retrieved November 1, 2010.
  61. 1 2 Nakashima, Ellen; Eunjung Cha, Ariana (January 14, 2010). "Google China cyberattack part of vast espionage campaign, experts say". The Washington Post . ISSN   0190-8286. Archived from the original on February 11, 2021. Retrieved July 14, 2024.
  62. McMillan, Robert (October 23, 2009). "Report Says China Ready for Cyber-war, Espionage". PC World . Archived from the original on April 2, 2010. Retrieved November 1, 2010.
  63. 1 2 Gorman, Siobhan (April 9, 2009). "Electricity Grid in U.S. Penetrated By Spies" . The Wall Street Journal . ISSN   0099-9660. Archived from the original on June 25, 2018. Retrieved April 1, 2022.
  64. "The new front in China's cyber campaign against America" . The Economist . June 13, 2024. ISSN   0013-0613. Archived from the original on June 13, 2024. Retrieved June 15, 2024.
  65. "Google cyber attack hit password system" The New York Times, Reuters, April 19, 2010.
  66. Goodin, Dan (May 21, 2013). "Chinese hackers who breached Google reportedly targeted classified data". Ars Technica . Archived from the original on November 8, 2014. Retrieved November 8, 2014.
  67. Jacobs, Andrew; Helft, Miguel (January 12, 2010). "Google, Citing Attack, Threatens to Exit China". The New York Times . ISSN   0362-4331. Archived from the original on February 2, 2017. Retrieved July 14, 2024.
  68. Zetter, Kim (January 13, 2010). "Google Hackers Targeted Source Code of More Than 30 Companies". Wired . Archived from the original on September 18, 2010. Retrieved November 1, 2010.
  69. "US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears". The Guardian . December 4, 2010. ISSN   0261-3077. Archived from the original on September 24, 2024. Retrieved July 14, 2024.
  70. Riley, Michael, and Dune Lawrence, "Hackers Linked to China's Army Seen From EU to D.C. Archived January 11, 2015, at the Wayback Machine ", Bloomberg L.P. , 27 July 2012
  71. "China's Response to BusinessWeek". BusinessWeek . April 10, 2008. Archived from the original on October 25, 2012. Retrieved February 12, 2013.
  72. Zetter, Kim (January 25, 2010). "China Accuses US of Cyberwarfare". Wired. Archived from the original on December 28, 2010. Retrieved October 23, 2010.
  73. Nakashima, Ellen (May 20, 2023). "Report on 'Operation Shady RAT' identifies widespread cyber-spying". The Washington Post . ISSN   0190-8286. Archived from the original on April 24, 2020. Retrieved July 14, 2024.
  74. Anderlini, Jamil (January 15, 2010). "The Chinese dissident's 'unknown visitors'" . Financial Times . Archived from the original on September 10, 2010. Retrieved August 3, 2011.
  75. Barnes, Julian E. (March 4, 2008). "China's computer hacking worries Pentagon". Los Angeles Times . Archived from the original on March 10, 2008. Retrieved March 4, 2008.
  76. Brookes, Peter (March 13, 2008). "Flashpoint: The Cyber Challenge: Cyber attacks are growing in number and sophistication". Family Security Matters. Archived from the original on March 29, 2008. Retrieved April 7, 2008.
  77. 1 2 Erickson, Andrew; Collins, Gabe (August 25, 2011). "Did China Tip Cyber War Hand?". The Diplomat . Archived from the original on April 2, 2023. Retrieved July 14, 2024.
  78. "The U.S. Presses on Cyberthreats; In Beijing, Treasury Secretary Frames Issue as a Top Priority in Ties With China". Archived May 18, 2017, at the Wayback Machine March 20, 2013 The Wall Street Journal
  79. Finkle, J., Menn, J., Viswanatha, J. "U.S. accuses China of cyber spying on American companies". Archived October 6, 2014, at the Wayback Machine Reuters, May 19, 2014.
  80. Clayton, Mark (May 19, 2014). "US indicts five in China's secret 'Unit 61398' for cyber-spying on US firms". Christian Science Monitor . ISSN   0882-7729. Archived from the original on May 20, 2014. Retrieved July 14, 2024.
  81. Chinese hacked U.S. military contractors, Senate panel finds Archived March 22, 2018, at the Wayback Machine September 18, 2014 Reuters
  82. FBI warns U.S. businesses of cyber attacks, blames Beijing Archived March 22, 2018, at the Wayback Machine October 16, 2014 Reuters
  83. Peterson, Andrea (September 24, 2015). "OPM says 5.6 million fingerprints stolen in the biggest cyber attack in US history. America doesn't have anything together this is why this happened". Independent . Archived from the original on September 15, 2017. Retrieved August 26, 2017.
  84. Sanders, Sam (June 4, 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR. Archived from the original on June 5, 2015. Retrieved April 5, 2018.
  85. "Hacks of OPM databases compromised 22.1 million people, federal authorities say Archived July 26, 2018, at the Wayback Machine ". The Washington Post. July 9, 2015.
  86. "China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies". Bloomberg News . October 4, 2018. Archived from the original on October 4, 2018. Retrieved March 14, 2024.
  87. Gordon Lubold; Dustin Volz (March 12, 2019). "Navy, Industry Partners Are 'Under Cyber Siege' by Chinese Hackers, Review Asserts; Hacking threatens U.S.'s standing as world's leading military power, study says". WSJ.com. Archived from the original on March 13, 2019. Retrieved March 14, 2019.
  88. "US charges 4 members of Chinese military with Equifax hack". CNN . February 10, 2020. Archived from the original on February 11, 2020. Retrieved February 10, 2020.
  89. Riotta, Chris (February 10, 2020). "US charges Chinese military hackers over cyber-attack of Equifax". The Independent . Retrieved October 6, 2024.
  90. "China, Caught Meddling in Past Two US Elections, Claims 'Not Interested' in 2020 Vote". Voice of America . April 30, 2020. Archived from the original on May 18, 2020. Retrieved May 17, 2020.
  91. Barnes, Julian E. (March 16, 2021). "Russian Interference in 2020 Included Influencing Trump Associates, Report Says". The New York Times. ISSN   0362-4331. Archived from the original on April 21, 2021. Retrieved April 21, 2021.
  92. "Suspected Chinese hackers spied on U.S., European targets". PBS NewsHour . April 20, 2021. Archived from the original on April 21, 2021. Retrieved April 21, 2021.
  93. "China-linked hackers used VPN flaw to target U.S. defense industry -researchers". in.finance.yahoo.com. Archived from the original on April 21, 2021. Retrieved April 21, 2021.
  94. Miller, Maggie (April 20, 2021). "Multiple agencies breached by hackers using Pulse Secure vulnerabilities". The Hill . Archived from the original on April 21, 2021. Retrieved April 21, 2021.
  95. "China-linked hackers used VPN flaw to target U.S. defense industry -researchers". Reuters . April 20, 2021. Archived from the original on April 21, 2021. Retrieved April 21, 2021.
  96. Siddiqui, Zeba; Bing, Christopher; Bing, Christopher (May 25, 2023). "Chinese hackers spying on US critical infrastructure, Western intelligence says". Reuters . Archived from the original on May 25, 2023. Retrieved May 25, 2023.
  97. Sanger, David E.; Barnes, Julian E. (July 29, 2023). "U.S. Hunts Chinese Malware That Could Disrupt American Military Operations". The New York Times . ISSN   0362-4331. Archived from the original on July 29, 2023. Retrieved July 29, 2023.
  98. Nakashima, Ellen; Menn, Joseph (December 12, 2023). "China's cyber army is invading critical U.S. services". The Washington Post . ISSN   0190-8286. Archived from the original on December 13, 2023. Retrieved December 16, 2023.
  99. Volz, Dustin (January 31, 2024). "U.S. Disables Chinese Hacking Operation That Targeted Critical Infrastructure" . The Wall Street Journal . Archived from the original on February 6, 2024. Retrieved February 6, 2024.
  100. Lyngaas, Sean (February 7, 2024). "Chinese hackers have lurked in some US infrastructure systems for 'at least five years'". CNN . Archived from the original on February 8, 2024. Retrieved February 8, 2024.
  101. "Disrupting malicious uses of AI by state-affiliated threat actors". February 14, 2024. Archived from the original on February 16, 2024. Retrieved February 16, 2024.
  102. "Staying ahead of threat actors in the age of AI". Microsoft . February 14, 2024. Archived from the original on February 16, 2024. Retrieved February 16, 2024.
  103. McLaughlin, Jenna (February 22, 2024). "Leaked document trove shows a Chinese hacking scheme focused on harassing dissidents". NPR . Archived from the original on February 22, 2024. Retrieved February 22, 2024.
  104. "Leaked files from Chinese firm show vast international hacking effort". The Washington Post . February 22, 2024. Retrieved February 24, 2024.
  105. Mozur, Paul; Bradsher, Keith; Liu, John; Krolik, Aaron (February 22, 2024). "Leaked Files Show the Secret World of China's Hackers for Hire". The New York Times . ISSN   0362-4331. Archived from the original on February 23, 2024. Retrieved February 23, 2024.
  106. Tucker, Eric (September 18, 2024). "FBI disrupts Chinese cyber operation targeting critical infrastructure in the US". Associated Press . Archived from the original on September 24, 2024. Retrieved September 18, 2024.
  107. "Court-Authorized Operation Disrupts Worldwide Botnet Used by People's Republic of China State-Sponsored Hackers". United States Department of Justice . September 18, 2024. Retrieved October 19, 2024.
  108. Brooks Harper, Karen (November 20, 2024). "Gov. Greg Abbott issues this week's third executive order targeting China". The Dallas Morning News . Retrieved November 21, 2024.
  109. Greenberg, Andy (August 6, 2020). "Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry". Wired . ISSN   1059-1028. Archived from the original on March 22, 2021. Retrieved July 14, 2024.
  110. Tucker, Maxim (April 1, 2022). "China accused of hacking Ukraine days before Russian invasion". The Times . ISSN   0140-0460. Archived from the original on July 10, 2024. Retrieved April 1, 2022.
  111. "Mystery of alleged Chinese hack on eve of Ukraine invasion". BBC News . April 7, 2022. Retrieved April 8, 2022.
  112. Milmo, Dan (May 25, 2023). "GCHQ warns of fresh threat from Chinese state-sponsored hackers". The Guardian . ISSN   0261-3077. Archived from the original on January 12, 2024. Retrieved January 12, 2024.
  113. Psaledakis, Daphne; Pearson, James (March 25, 2024). "US, UK accuse China over spy campaign that may have hit millions". Reuters . Retrieved March 25, 2024.
  114. Hui, Sylvia (March 25, 2024). "US and UK announce sanctions over China-linked hacks on election watchdog and lawmakers". Associated Press . Archived from the original on March 25, 2024. Retrieved March 25, 2024.
  115. Sanger, David E.; Wong, Edward; Horowitz, Jason (July 28, 2020). "The Vatican Is Said to Be Hacked From China Before Talks With Beijing". The New York Times . ISSN   0362-4331. Archived from the original on August 6, 2020. Retrieved July 14, 2024.
  116. Wolf, Jim (November 19, 2010). "Pentagon says "aware" of China Internet rerouting". Reuters . Archived from the original on November 23, 2010. Retrieved November 26, 2010.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.