Western analysts warn of increasing cyber-attacks from China
The US and UK governments have announced sanctions against Chinese firms linked to a hacking group
Analysts have warned that cyber-attacks linked to Chinese intelligence agencies are increasing in capability and frequency, as they aim to test foreign government responses. This warning comes in the aftermath of revelations regarding a large-scale hacking of UK data.
On Tuesday, the UK and US governments accused the hacking group Advanced Persistent Threat 31 (APT 31), allegedly backed by China’s government spy agency, of conducting a prolonged cyber-attack campaign. The targets included politicians, national security officials, journalists, and businesses. According to the UK, the hackers potentially accessed information on tens of millions of UK voters held by the Electoral Commission. Additionally, they engaged in cyber-espionage targeting lawmakers who have been vocal about threats from China.
In response, both the US and UK governments announced sanctions against Chinese companies and individuals linked to these activities.
On Tuesday, the New Zealand government stated that it had expressed concerns to the Chinese government regarding its alleged involvement in an attack targeting the country’s parliamentary entities in 2021.
Analysts informed the Guardian that there were evident indications of a rise in cyber-attacks likely carried out by Chinese actors, often with affiliations to China’s intelligence agencies and government.
“Some of the hacking groups are information security firms contracted to Chinese intelligence units to carry out attacks on specific targets, such as the recent case of iSoon Information,” stated analyst Chung Che from the Taiwan-based cyber threat analysis firm T5.
Over the past three years, T5 has observed a rise in continuously advancing hacking activities by Chinese groups in the Pacific region and Taiwan.
“We believe that their objective is to penetrate specific targets and pilfer critical information and intelligence, whether it’s political, military, or commercial,” Chung stated.
Chung noted that there wasn’t enough information to directly attribute the activity to China’s highest leadership (and Beijing vehemently denies the accusations), but “considering China’s system without a clear distinction between the party and the state, we cannot dismiss the possibility of directives originating from the top.”
Several analysts noted that western governments have become increasingly willing to attribute cyber-attacks to China, a shift from previous hesitancy to avoid upsetting the leaders of the world’s second-largest economy.
“That previous reluctance to criticize has been replaced by a more outspoken stance, likely due to the escalating scale and seriousness of the threats,” said David Tuffley, a senior lecturer in cybersecurity at Griffith University in Australia.
The UK’s announcement came after reports last month revealed that a Chinese hacking network, Volt Typhoon, had been dormant within critical US infrastructure for up to five years, positioning itself for potential acts of sabotage. This development raised concerns among Five Eyes nations, suggesting a move from intelligence-gathering espionage to readiness for warfare.
Tuffley explained that cyber-attacks are part of China’s grey zone activities, which are actions that approach but do not escalate to the level of warfare. While much of this activity is focused on the region, particularly targeting Taiwan and other nations with claims in the South China Sea, the effects of these cyber-attacks are felt on a broader scale.
“The key point to understand is that China is taking a more assertive stance,” said Tuffley. “It recognizes that it lacks the military capability to defeat major powers like the US, UK, Australia, Japan, and Korea in a conventional war. Therefore, it is unlikely to escalate to that level.”
Instead, China aims to create instability in the target country and potentially undermine confidence in its operational capabilities. It also uses these attacks to test its own capabilities against its adversaries’ defenses.
Tuffley warned of the risk of escalation. While governments like the US and UK possess high cyber-espionage capabilities themselves, they have not publicly threatened countermeasures against China.
The US statement on Tuesday named individuals accused of carrying out the cyber-attacks, indicating a detailed understanding of the attacks, possibly obtained through human intelligence sources within Chinese operations or through retaliatory information-gathering hacks, according to one analyst.
Adam Marrè, chief information security officer at Arctic Wolf, remarked that those familiar with cybersecurity would not find the UK report surprising. He stated, “Beijing views cyber as an extension of their statecraft and has often used cyber techniques to advance their national interests.”