China is actively engaging in a cyberwar on countries that it considers hostile. And Western experts think hacking attacks sponsored by China are on the rise. The U.S. and its ally nations have slammed China for unleashing an unprecedented form of cyberwar targeting Western countries.
What is cyberwar?
The definition of cyberwar has been honed into one that was perhaps most clearly laid out in the 2010 book Cyber War, co-written by Richard Clarke, a national security advisor to presidents George H.W. Bush, Bill Clinton, and George W. Bush, and Robert Knake, who would later serve as a cybersecurity advisor to President Obama.
Clarke and Knake defined cyberwar as “actions by a nation-state to penetrate another nation’s computers or networks for the purpose of causing damage or disruption.” To put it more simply, that definition roughly encompasses the same things we’ve always identified as “acts of war,” only now carried out by digital means. But as the world was learning by the time Clarke and Knake wrote that definition, digital attacks have the potential to reach out beyond mere computers to have real, physical consequences.
Chinese hacking groups are reportedly planning and executing various types of stealthy cyberattacks to steal intellectual property. While Beijing consistently denies supporting or sponsoring hacking efforts, the truth is such attacks are on the rise. Mandiant, a leading cybersecurity firm, says the hacking attacks originating from China are becoming more layered and complex with time.
The Microsoft Exchange Server breach
The Microsoft Exchange Server breach made headlines in January 2021. The Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.
The U.S., the UK, the EU, NATO, and some other countries lashed out at Beijing, saying it was behind the attack. They even blamed the Ministry of State Security of China for masterminding it. The attack impacted almost 250,000 organizations worldwide. The hackers managed to siphon off important company emails for espionage. After Microsoft sensed the flaw, it sprang into action.
The former chief executive of the National Cyber Security Centre of the UK, Ciaran Martin, said: “What you saw here was real recklessness. The Hafnium attack on Exchange was in complete contrast to the Russian exploitation of SolarWinds software for espionage purposes. In that case, there was no collateral damage — but as for Hafnium when they realized they had been caught, the hackers booby-trapped the software on the way out.”
U.S. Secretary of State Antony Blinken also lambasted China, saying the CCP-ruled country now poses a big threat to the economic and national security of the U.S. He said: “Responsible states do not indiscriminately compromise global network security nor knowingly harbor cybercriminals — let alone sponsor or collaborate with them.” U.S. security experts apprehended attackers paid by the MSS who carried out the hack of Microsoft’s Exchange email application. The hackers exploited the pandemic-induced limitations, including a lack of secure Internet access.
Red Apollo and Operation Cloud Hopper
Red Apollo (also known as APT 10, MenuPass, Stone Panda, and POTASSIUM) is a Chinese state-sponsored cyberespionage group. It carried out several hacking campaigns targeting the healthcare, defense, education, biopharmaceutical, and aviation sectors in the U.S., UK, Germany, Saudi Arabia, and Canada.
This group allegedly stole data on topics such as commercial aircraft servicing, autonomous vehicles, and infectious disease research. Four Chinese nationalists were accused of setting up a fake company to camouflage the entire operation and hide the involvement of the Chinese government.
As expected, China has denied any part in these incidents. It has said that such allegations made by the U.S. and European nations are baseless and are meant to defame China. A few years back, it was hard to think of such developments.
In late 2015, then-U.S. President Barack Obama signed a cybersecurity pact with his Chinese counterpart Xi Jinping. The latter even said neither nation would resort to online intellectual property theft. China also made a pact with the UK soon after.
The situation, however, changed after Donald Trump assumed the role of U.S. president in 2016. He adopted a more combative tone toward China from the beginning.
This led to China resuming its hacking activities, including the Operation Cloud Hopper attack in 2017, in which China-based attackers were able to get hold of security credentials by sending spoofed emails to workers at cloud businesses. They then leveraged the access these “spear-phishing” attacks gave them to install malware that let them steal security credentials and conduct reconnaissance. The UK and the U.S. have named Red Apollo as the mastermind behind the attacks.