President Trump’s recent highly publicised announcements of trade tariffs on products from China and elsewhere have led various commentators to suggest that Beijing’s retaliation against the measures could include launching highly damaging cyber attacks on a variety of commercial and government sectors in the US.
Back in 2015, President Barack Obama and President Xi Jinping concluded an agreement that essentially amounted to a promise from the Chinese to stop state-sponsored hacker groups from targeting and stealing commercial secrets and intellectual property from the US. However, while a decrease in the number of attacks originating from China was reported in the following months, this may not simply have been due to the agreement: security company FireEye had already noted a quite significant drop the previous year, leading to speculation that Xi Jinping was strengthening his overall control over the Chinese military and the cyber attacks carried out by them. The arrest of five state-sponsored hackers from China’s People’s Liberation Army (PLA) Unit 61398, who were indicted on charges relating to commercial espionage, was cited as a further reason for the decrease.
It is also worth noting that it is entirely possible the Chinese agreed to the deal to allow Chinese state-sponsored hackers time to develop new tools for future cyber espionage operations, which would give them more opportunities to work within networks for a greater length of time without being identified.
Whatever the reason for the drop in the number of attacks, it is apparent that Chinese hacker groups are still very much in evidence.
Indeed, in June this year, a China-linked cyber espionage group named Thrip was found targeting satellite operators, defence contractors, and telecommunications companies across the US and Southeast Asia. Thrip had been operating since 2013, but the group’s activities have only recently been made public. The hackers have apparently been especially focused on the operational aspects of the target organisations, suggesting their interests could lie in disruption as well as espionage. Thrip’s hackers use a combination of custom malware and legitimate tools, and they have managed to operate quietly and evade detection while moving through networks.
Also in June, US officials reported that state-sponsored Chinese hackers had breached the computer of a Navy contractor working for the Naval Undersea Warfare Center in Rhode Island, stealing 614 gigabytes of sensitive data, which apparently included plans for the supersonic anti-ship missile Sea Dragon programme. Although that incident took place in January and February this year, before Trump announced the first major tariffs on Chinese products, Beijing will have been only too aware that he had ordered an investigation into Chinese trade policies in 2017; it is highly likely therefore that Xi Jinping’s government was fully expecting the start of what could be a prolonged and extremely damaging trade war, and had already initiated an escalation of state-sponsored cyber attacks aimed at quickly extracting as much information as possible. However, the emphasis on obtaining intellectual property from commercial companies and government organisations now appears to have been replaced by a focus on US military secrets and communications.
Of course, the US is not the only country targeted by the Chinese.
Late last year, for example, it was reported that Chinese groups known by a variety of names, including Emissary Panda and APT18, had been attacking the subsidiary of a French energy company and a European drone manufacturer.
China has also been accused of using cyber warfare as part of the ongoing dispute with other nations over the South China Sea. In 2016, the Permanent Court of Arbitration in The Hague ruled against Beijing’s territorial claims in the waters and in favour of the Philippines and Vietnam. A range of cyber attacks followed the decision.
Cyber espionage is not only carried out by the Chinese: all countries (not least the US) engage in it, just as they have all historically participated in other forms of espionage.
What is interesting, however, is when an increase in cyber espionage activities takes place as a result of specific global political and economic policies and conditions. In the case discussed here, Trump’s unguarded, loose statements about his country suffering economic hardship at the hands of the Chinese could well be enough to instigate new, highly damaging waves of attacks targeting a range of US sectors, from critical infrastructure through to commercial companies and the military.
Trump’s tariffs could therefore result not only in global trade wars, but in unprecedented levels of state-sponsored cyber attacks. While these may initially be launched by Chinese groups, other countries such as Russia, North Korea or Iran could take the opportunity to unleash their own attacks in the hope that Xi Jinping’s army of hackers will be blamed for them.
The next few months could be very interesting indeed.