For years, China seemed to operate at the quieter end of the state-sponsored hacking spectrum. While Russia and North Korea have carried out hacking operations, launched massively disruptive cyberattacks, and blurred the line between cybercriminals and intelligence agencies, China has quietly focused on more traditional, if prolific, espionage and intellectual property theft. But a collective message today from dozens of countries calls out a change in China’s online behavior, and how the chaos emanating from its primary cyber intelligence agency increasingly rivals that of the Kim regime or the Kremlin.
On Monday, the White House joined the British government, the EU, NATO, and governments from Japan to Norway in announcements that highlighted a string of Chinese hacking operations, and the U.S. Justice Department separately charged four Chinese hackers, three of whom are believed to be officers of China’s Ministry of State Security, or MSS. The White House statement specifically blamed China’s MSS for a mass hacking campaign that used a vulnerability in Microsoft’s Exchange Server software to compromise thousands of organizations around the world. It also reprimands China’s MSS for partnering with contract organizations that engage in cybercrime for profit, turning a blind eye to or even condoning extracurricular activities such as infecting victims with ransomware, using victim machines for cryptocurrency mining, and financial theft. “The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” the statement said.
This long list of digital sins represents a significant change in the modus operandi of Chinese hackers, one that many China watchers trace to the country’s 2015 reorganization of its cyber operations. That’s when it transferred much of the control from the People’s Liberation Army to the MSS, a state security service that has over time become more aggressive both in its hacking ambitions and in its willingness to outsource to criminals.
“They’re getting bigger. The number of hackers has dropped, but the scale has gone up,” says Adam Segal, director of the Digital and Cyberspace Policy program at the Council on Foreign Relations, who has long focused on Chinese hacking activity. That is in part because the non-governmental hackers the MSS works with do not necessarily follow the rules of state-sponsored hacking. “There’s probably a greater tolerance for irresponsibility,” Segal says.
Priscilla Moriuchi, a nonresident fellow at Harvard’s Belfer Center for Science and International Affairs, says the MSS has always preferred to employ intermediaries, front companies, and contractors in its operations. “This model in both HUMINT and cyber operations allows the MSS to maintain plausible deniability and to create networks of recruited individuals and organizations that can bear the burden of guilt when they are caught,” says Moriuchi, using the term HUMINT to mean the human, not cyber, side of espionage operations. “These organizations can be burned quickly and replaced as needed.”
While those contractors offer the Chinese government a layer of deniability and efficiency, they also mean less control over operators, and less assurance that hackers won’t use their access to enrich themselves, or the MSS officials who dole out the contracts. “In light of this model, it is not surprising to me that the cyber operations groups tasked by the MSS also conduct cybercrime,” adds Moriuchi.
The White House statement broadly points to a large, messy, and in some cases unrelated collection of Chinese hacking activities. It was accompanied by a separate indictment of four MSS-affiliated hackers, three of whom were MSS officers, all accused of a wide range of intrusions targeting industries around the world, from healthcare to aviation.
But more unusual than the data theft described in that indictment was the mass hacking called out in Monday’s announcement, in which a group known as Hafnium, now linked by the White House to China’s MSS, broke into no fewer than 30,000 Exchange Servers around the world. The hackers also left behind so-called “web shells,” which allow them to regain access to those servers at will but also introduce the risk that other hackers could discover those backdoors and exploit them for their own purposes. That element of the hacking campaign was “untargeted, reckless, and extremely dangerous,” wrote former CrowdStrike CTO and Silverado Policy Accelerator founder Dmitri Alperovitch, along with researcher Ian Ward, in a March blog post. At least one ransomware group appeared to try to piggyback on Hafnium’s campaign immediately after it was exposed.
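The web shells described above are server-side script files dropped into a web root that read input from an HTTP request and hand it to a process-launch or code-execution API, which is what lets any party who finds them regain access. As an added example, not taken from the article or from any vendor or government indicator list, the following Python script shows the defender-side check: it walks a web root for ASP.NET script files that show both traits, optionally limited to files modified within a recent window, and builds its own constructed sample directory (the `owa` path, file names, and file contents are assumptions) so it runs offline. The regex pattern lists are illustrative heuristics, not a published signature set.

```python
"""Heuristic scan for web-shell-like script files under a web root.

Added example, not code from the article. Flags ASP.NET script files that
read request input AND pass data to a code-execution or process-launch API.
Patterns, paths, and sample files are constructed for illustration.
"""
import os
import re
import tempfile
import time

# Extensions an IIS front end executes as server-side scripts (assumption).
SCRIPT_EXTENSIONS = {".aspx", ".asp", ".ashx", ".asmx"}

# Source: the page reads attacker-controlled input from the HTTP request.
INPUT_SOURCES = re.compile(
    r"Request\s*(\[|\.(Form|QueryString|Headers|Params))", re.I)

# Sinks: APIs that turn that input into executed code or a spawned process.
EXEC_SINKS = re.compile(
    r"(Process\.Start|System\.Diagnostics|\beval\s*\(|JScript\.Eval|"
    r"Assembly\.Load|Activator\.CreateInstance)", re.I)


def classify_file(path):
    """Return (reads_request_input, has_exec_sink) for one script file."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return bool(INPUT_SOURCES.search(text)), bool(EXEC_SINKS.search(text))


def scan_webroot(root, modified_within_days=None):
    """Walk root and return sorted paths of script files that both read
    request input and reach an execution sink. When modified_within_days is
    given, only files changed inside that window are reported, which is how
    a responder narrows a large web root to recently planted files."""
    cutoff = None
    if modified_within_days is not None:
        cutoff = time.time() - modified_within_days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            if cutoff is not None and os.path.getmtime(path) < cutoff:
                continue
            reads_input, has_sink = classify_file(path)
            if reads_input and has_sink:
                hits.append(path)
    return sorted(hits)


def build_sample_webroot():
    """Create a throwaway directory of constructed files: a benign login page
    (reads input, no sink), an old page with both traits whose mtime predates
    the scan window, and a freshly written mock shell. Returns a dict of paths."""
    root = tempfile.mkdtemp(prefix="owa_sample_")
    os.makedirs(os.path.join(root, "owa", "auth"))
    benign = os.path.join(root, "owa", "logon.aspx")
    with open(benign, "w") as fh:
        fh.write('<%@ Page Language="C#" %>\n<% string u = Request["user"]; %>\n')
    old_page = os.path.join(root, "owa", "old_admin.aspx")
    with open(old_page, "w") as fh:
        fh.write('<%@ Page Language="C#" %>\n'
                 '<% /* constructed: both traits, but an old file */\n'
                 '   string a = Request["arg"]; System.Diagnostics.Process.Start(a); %>\n')
    old = time.time() - 400 * 86400          # backdate to 400 days ago
    os.utime(old_page, (old, old))
    shell = os.path.join(root, "owa", "auth", "mock_shell.aspx")
    with open(shell, "w") as fh:
        fh.write('<%@ Page Language="C#" %>\n'
                 '<% /* constructed mock: request input reaches a process sink */\n'
                 '   string c = Request["cmd"]; System.Diagnostics.Process.Start(c); %>\n')
    return {"root": root, "benign": benign, "old": old_page, "shell": shell}


if __name__ == "__main__":
    sample = build_sample_webroot()
    for p in scan_webroot(sample["root"], modified_within_days=30):
        print("suspicious (recent):", p)
    for p in scan_webroot(sample["root"]):
        print("suspicious (any age):", p)
```

A full scan reports both files with source-plus-sink traits; the 30-day window reports only the freshly written mock, which is the tradeoff a responder makes between coverage and noise on a large, long-lived web root. The heuristic is deliberately conservative: a page that only reads request input (the login page) is not flagged.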
There is no clear evidence that the MSS’s Hafnium hackers deployed ransomware or cryptocurrency-mining software on any of those tens of thousands of networks, according to Ben Read, director of cyber-espionage analysis at incident response and threat intelligence firm Mandiant. However, the White House’s criticism of the Chinese government for blurring cyberespionage and cybercrime appears to be in line with other hacking campaigns that have lasted for years and have more clearly crossed that line. In September last year, for example, the DOJ charged five Chinese men working for an MSS contractor known as Chengdu 404 Network Technology, known in the cybersecurity industry as Barium before they were identified, all accused of hacking dozens of companies around the world in a collection of operations that appeared to mix espionage with for-profit cybercrime.