More Warnings From US and UK Officials on Chinese Cyber Threat: “Epoch-Defining Challenge”

Officials from the United States and United Kingdom have issued another formal warning about the perceived Chinese cyber threat to international stability and social norms, calling the issue an “epoch-defining challenge” even as Beijing continues to deny that anything at all is happening.

Britain’s Government Communications Headquarters (GCHQ) characterized China’s actions in cyberspace as destabilizing and coercive, while US National Cyber Director Harry Coker said that the Chinese cyber threat was now operating at an “unprecedented scale.” This is the second public warning of this type in as many months, following an April accounting of the actions of the APT group Volt Typhoon in penetrating critical infrastructure companies and government agencies.

Chinese cyber threat activity tied to Taiwan tensions

GCHQ went so far as to say that the Chinese cyber threat was now its top priority. On Tuesday, the foreign minister summoned the Chinese Ambassador Zheng Zeguang to confirm and discuss China’s state-backed incursions into systems in the country. Earlier this month, the UK government directly accused China of breaking into a payment system used by the country’s armed forces, naming three specific actors working with a Hong Kong agency to engage in targeted hacking attacks. China maintains that it had no involvement with the incident.

China also continues to deny backing Volt Typhoon, which the US has accused it of wielding as a deterrent against any potential military support for Taiwan in the event of an invasion. A US report issued last month claimed that the APT group has been burrowing into critical infrastructure for years and would look to cause problems for military bases overseas and sow general havoc in the mainland by shutting down power and water service should a war over Taiwan erupt.

In March, the US also indicted seven Chinese nationals believed to be members of the APT31 hacking group, which has been named in a number of attacks on US organizations since 2014. The incident provided new illumination of the scope of the Chinese government’s use of private hacking outfits for espionage against foreign rivals, with the US naming Wuhan Xiaoruizhi Science & Technology as a front company and its owner Sun Xiaohui as one of the indicted parties.

US statements have also indicated that the government expects the Chinese cyber threat to be used to attempt to influence the upcoming 2024 elections, though Beijing’s preference is less clear than it has been in previous years. China has tended to favor Democratic candidates, seeing them as more stable and less likely to take direct action against it. However, the Biden administration has made a point of both strengthening alliances with China’s rivals in the Pacific region and naming it as a leading threat to the world. It is possible that China will simply sow political disinformation to reduce overall national cohesion rather than act in favor of one candidate or the other.

Critical infrastructure and real-world damage, once a “red line,” now increasingly targeted for attack

Director of GCHQ Anne Keast-Butler has accused China of not just hacking foreign rivals, but also scooping up information from data brokers and leaning on smaller countries to adopt its technology standards. Meanwhile, cyber criminals are now routinely stepping over the line of causing real-world damage with their hacking. The Chinese cyber threat has thus far stopped short of taking destructive action in foreign critical infrastructure, simply infiltrating and burrowing in, but criminal actors have shown what level of damage can be done with even limited access to portions of vital services.

Prior to 2021, cyber attacks that caused real-world damage were very rare. The most famous example from that period is likely the 2010 Stuxnet attack on the control systems of Iran’s nuclear facilities, an incident widely believed to be the work of the US and Israel. Russia was chastised several times for breaking into US electric grid companies and conducting reconnaissance, but did not pull the trigger on causing shutdowns outside of Ukraine. The 2021 ransomware attacks on Colonial Pipeline and JBS, which respectively caused gasoline shortages and disruptions to meat supplies, seemed to flip a switch that emboldened both criminal and state actors to be more open in their actions against foreign critical infrastructure.

This had previously been thought to be a “red line” with serious potential to turn a cyber attack into an armed conflict. But that escalation has yet to happen: the Chinese cyber threat and other similar actors are bolder about probing critical infrastructure systems but have yet to be seen putting the lights out. For their part, cyber criminals have since made health care organizations their favorite target (a sector some swore never to attack) and have already caused several disruptions believed to have contributed to a death.

Tom Kellermann, SVP of Cyber Strategy at Contrast Security, notes that the most important aspect of defense against the Chinese cyber threat is in countering its focus on developing and buying novel exploits: “China poses a clear and present danger in cyberspace as tensions over Taiwan spill over. The PLA has ratcheted up the development of zero days, which has led to the systemic infiltration of Western infrastructure.”