Chinese government-backed hackers’ rampant appetite for intellectual property represents a “major threat to U.S. and allied cyberspace assets,” according to a U.S. government assessment obtained by CyberScoop.
The analysis from the National Security Agency, FBI and Department of Homeland Security’s cyber agency warns that Beijing-linked hackers are still “aggressively” targeting U.S. and allied defense and semiconductor firms, medical institutions and universities to steal sensitive corporate data and personally identifiable information.
The advisory is a reminder that, despite the Biden administration’s heightened attention on ransomware gangs based in Russia, Chinese state-backed hacking remains a formidable threat to U.S. interests. The document is scheduled to be released publicly in the coming weeks, perhaps as soon as Monday.
“NSA, [the Cybersecurity and Infrastructure Security Agency], and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and [critical infrastructure] personnel and organizations,” says the advisory. “These cyber operations support China’s long-term economic and military development objectives.”
Chinese state-backed hackers are keen to cover their tracks, and closely watch the cybersecurity industry’s efforts to track them, the advisory says. The hackers rotate their use of virtual private servers and use “small office and home office routers” to avoid detection, according to the assessment.
The advisory is part of a recurring U.S. effort to share technical details of foreign hacking with the private sector and state and local governments, so that organizations can take defensive measures. The goal is to blunt the impact of cyber-espionage from state-backed hackers operating on behalf of China, Russia, Iran and others.
China, in particular, is an economic competitor with the U.S. and, analysts say, uses its hacking prowess for strategic advantage. In 2015, President Barack Obama and Chinese President Xi Jinping agreed that neither country would “knowingly support cyber-enabled theft of intellectual property.” While analysts have debated whether China has adhered to the letter of that agreement, there is evidence that Chinese state-linked hackers have continued to steal sensitive data from multinational corporations.
Chinese hackers tend to scour the internet for vulnerable devices soon after a flaw in popular software is made public, according to the interagency analysis. They then sometimes use publicly available “proof of concept” hacking tools to exploit the software, the document says.
This April, for example, U.S. security firm FireEye exposed an alleged Chinese data-stealing campaign against American and European government organizations, and those in the transportation and telecommunication sectors. The attackers broke into popular virtual private networking software Pulse Connect Secure to burrow into networks.
“Chinese cyber-espionage activity has demonstrated a higher tolerance for risk and is less constrained by diplomatic pressures than previously characterized,” FireEye concluded.
The semiconductor industry — the linchpin for the global smartphone market — has been of particular interest to suspected Chinese hackers. One such campaign sought to steal source code from multiple vendors in Taiwan’s semiconductor industry in 2018 and 2019, according to Taiwanese firm CyCraft.
The Chinese government routinely denies accusation that it conducts cyberattacks. A spokesperson for the Chinese Embassy in Washington, D.C., did not respond to a request for comment on the U.S. government advisory.
The alert is only the latest example of U.S. attention on alleged Chinese hacking. Microsoft revealed in March that alleged Chinese spies had exploited critical flaws in the Exchange Server software to steal email inboxes from U.S. organizations. The vulnerabilities exposed tens of thousands of U.S. organizations to separate hacks from financially motivated criminals.
The Biden administration has not publicly attributed that hacking effort to any foreign government.
A spokesperson for the National Security Council did not respond to a request for comment on the matter.