![](\"https:\/\/media.wired.com\/photos\/628ec795e9a46d033b3380bf\/master\/pass\/china_hack_sec_GettyImages-1227542409.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Matt Burgess| Date: Thu, 26 May 2022 11:00:00 +0000<\/strong><\/p>\n Matt Burgess<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n For the best<\/span> part of a decade, US officials and cybersecurity companies have been naming and shaming hackers they believe work for the Chinese government. These hackers have stolen<\/a> terabytes of data from companies like pharmaceutical and video game firms<\/a>, compromised servers<\/a>, stripped security protections<\/a>, and highjacked hacking tools<\/a>, according to security experts. And as China\u2019s alleged hacking has grown more brazen<\/a>, individual Chinese hackers face indictments. However, things may be changing.<\/p>\n Since the start of 2022, China\u2019s Foreign Ministry and the country\u2019s cybersecurity firms have increasingly been calling out alleged US cyberespionage. Until now, these allegations have been a rarity. But the disclosures come with a catch: They appear to rely on years-old technical details, which are already publicly known and don\u2019t contain fresh information. The move may be a strategic change for China as the nation tussles to cement its position as a tech superpower.<\/p>\n This content can also be viewed on the site it originates<\/a> from.<\/p>\n \u201cThese are useful materials for China\u2019s tit-for-tat propaganda campaigns when they faced US accusation and indictment of China\u2019s cyberespionage activities,\u201d says Che Chang, a cyber threat analyst at the Taiwan-based cybersecurity firm TeamT5.<\/p>\n China\u2019s accusations, which were noted<\/a> by security journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security company Pangu Lab published<\/a> allegations that the US National Security Agency\u2019s elite Equation Group<\/a> hackers used a backdoor, dubbed Bvp47, to monitor 45 countries. The Global Times<\/em>, a tabloid newspaper that\u2019s part of China\u2019s state-controlled media, ran an exclusive report<\/a> on the research. Weeks later, on March 14, the newspaper had a second exclusive story about another<\/a> NSA tool, NOPEN, based on details from China\u2019s National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity firm Qihoo 360 alleged<\/a> that US hackers had been attacking Chinese companies and organizations. And on April 19, the Global Times<\/em> reported<\/a> on further National Computer Virus Emergency Response Center findings about HIVE, malware developed by the CIA.<\/p>\n The reports are accompanied with a flurry of statements\u2014often in response to questions from the media\u2014by China\u2019s Foreign Ministry spokespeople. \u201cChina is gravely concerned over the irresponsible malicious cyber activities of the US government,\u201d Foreign Ministry spokesperson Wang Wenbin said<\/a> in April after one of the announcements. \u201cWe urge the US side to explain itself and immediately stop such malicious activities.\u201d Over the first nine days of May, Foreign Ministry spokespeople commented on US cyber activities<\/a> at least three<\/a> times<\/a>. \u201cOne cannot whitewash himself by smearing others,\u201d Zhao Lijian said in one instance<\/a>.<\/p>\n While cyber activity undertaken by state actors is often wrapped in highly classified files, many hacking tools developed by the US are no longer secret. In 2017, WikiLeaks published 9,000 documents in the Vault7 leaks<\/a>, which detailed many of the CIA\u2019s tools. A year earlier, the mysterious Shadow Brokers<\/a> hacking group stole data from one of the NSA\u2019s elite hacking teams and slowly dripped the data to the world. The Shadow Brokers leaks included dozens of exploits and new zero-days<\/a>\u2014including the Eternal Blue<\/a> hacking tool, which has since been used repeatedly in some of the largest cyberattacks<\/a>. Many of the details in the Shadow Brokers leaks match up with details about NSA which were disclosed by Edward Snowden in 2013<\/a>. (An NSA spokesperson said it has \u201cno comment\u201d for this story; the agency routinely does not comment on its activities.)<\/p>\n Ben Read, director of cyberespionage analysis at the US cybersecurity firm Mandiant, says China\u2019s state media push of alleged US hacking seems to be consistent, but it mostly contains older information. \u201cEverything that I've seen they've written about, they tie back to the US through either the Snowden leaks or Shadow Brokers,\u201d Read says.<\/p>\n Pangu Lab\u2019s February report on Bvp47\u2014the only publication on its website\u2014says it initially discovered the details in 2013 but pieced them together after the Shadow Brokers leaks in 2017. \u201cThe report was based on a decade-old malware, and the decryption key is the same\u201d as in WikiLeaks, Che says. The details of HIVE and NOPEN have also been available for years. Neither Pangu Labs or Qihoo 360, which has been on the US government sanctions list since 2020<\/a>, responded to requests for comment on their research or methodology. A Pangu spokesperson previously said<\/a> it recently published the old details, and it had taken a long time to analyze the data.<\/p>\n Megha Pardhi, a China researcher<\/a> at Takshashila Institution, an Indian think tank, says the publications and follow-up comments from officials can serve multiple purposes. Internally, China can use it for propaganda and to send a message to the US that it has the capability to attribute cyber activity. But beyond this, there is a warning to other countries, Pardhi says. \u201cThe message is that even though you're allied with the United States, they're still gonna come after you.\u201d<\/p>\n \u201cWe oppose and crack down in accordance with law all forms of cyberespionage and attacks,\u201d Liu Pengyu, a spokesperson for the Chinese Embassy in the US, says in a statement. Liu did not respond directly to questions around the apparent uptick in finger-pointing at the US this year, the evidence that was being used to do so, or why this may be happening years after details originally emerged. China is widely considered to be one of the most sophisticated and active state cyber actors\u2014involved in spying, hacking for espionage, and gathering data. Western officials consider<\/a> the country to be the biggest cyber threat, ahead of Russia, Iran, and North Korea.<\/p>\n \u201cRecently, there have been many reports of US carrying cybertheft and attacks on China and the whole world,\u201d Liu says in a statement that reflects comments made by China\u2019s Foreign Ministry spokespeople this year. \u201cThe US should reflect on itself and join others to jointly safeguard peace and security in cyberspace with a responsible attitude.\u201d<\/p>\n Many of the disclosures in 2022\u2014there are only a handful of previous Chinese accusations<\/a> against the US\u2014stem from private cybersecurity companies. This is similar to how Western cybersecurity companies report their findings; they are not always incorporated into government talking points, however, and state-backed media is all but nonexistent.<\/p>\n The potential shift in tactics could play into wider policies around technology use and development. In recent years, China\u2019s policies have focused on positioning itself as a dominant force in technology standards<\/a> in everything from 5G to quantum computers. A raft of new cybersecurity and privacy laws<\/a> have detailed how companies should handle data and protect national information\u2014including the potential for hoarding previously unknown vulnerabilities<\/a>.<\/p>\n \u201cOne explanation is, possibly, that we are engaged in a kind of ideological\u2014or if you want to put it more prosaically, a marketing\u2014battle with China,\u201d says Suzanne Spaulding, a senior adviser at the Center for Strategic and International Studies and previously a senior cybersecurity official in the Obama administration. The US-China relationship has been fraught in recent years, with tensions rising over national security issues, including concerns about the telecom giant Huawei<\/a>. \u201cChina is offering, around the world, a competing model to Western-style democracy,\u201d Spaulding says, noting that China may be responding to Western countries coming together on multiple issues since Russia invaded Ukraine<\/a>.<\/p>\n