China's Dogged Campaign to Portray Itself as Victim of US Hacking

For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities that the US has accused China of carrying out over the past several years.
A recent examination of Beijing's claims by researchers at SentinelOne found most of them to be unsubstantiated, often based on previously leaked US intelligence and lacking any technical evidence.
That has not stopped the Chinese government from pursuing its misinformation campaign in an attempt to divert attention from its own hacking activities, SentinelOne said.
To date, the campaign has met with some limited success, as China's claims have made their way into western media outlets like Reuters, he says.
The SentinelOne report comes against a backdrop of heightened alarm in the US about insidious and persistent intrusion campaigns into US critical infrastructure by Chinese threat groups such as Volt Typhoon.
It also announced criminal charges against four individuals at the MSS for engaging in cyber campaigns to steal intellectual property and trade secrets from organizations in the aviation, defense, maritime, and other sectors in the US and other countries.
The US allegations came shortly after an incident where attackers - later identified as working for the MSS - exploited four zero-day bugs in Microsoft Exchange to compromise tens of thousands of computers worldwide.
What proved especially irksome was the apparent decision by the Chinese hacking team to automate their attack and to share details of the vulnerability with others when it became apparent that Microsoft was ready to release a patch for the flaws, SentinelOne said.
China Launches Coordinated Disinformation Campaign

China's attempts to get back at the US include having some cybersecurity firms in the country coordinate publication of reports about US hacking activity, then using government agencies and state media to amplify their impact.
Since early 2022, state media in China have been releasing English-language versions of cyber threat intelligence reports from Chinese security firms.
The English-language Global Times, a publication that generally reflects the official views of the Chinese Communist Party, mentioned NSA-related hacking tools and operations 24 times in 2022, compared to just twice the preceding year, SentinelOne found.
In 2023, the publication ran a series of articles on US intelligence agencies allegedly hacking into seismic sensors at the Wuhan Earthquake Monitoring Center.
The articles were apparently based on a report from Chinese cybersecurity firm Qihoo360 and another Chinese government entity.
Last April, China's cybersecurity industry alliance published a report that chronicled more than a decade of research on US cyberattacks such as the Stuxnet campaign on Iran's Natanz nuclear facility.
US Hacks on China: A Lack of Evidence

According to SentinelOne, most of China's reports are not backed by any technical evidence of the sort that cybersecurity firms in the US and some other countries provide when disclosing nation-state campaigns.
The Global Times article on the attacks at Wuhan's earthquake monitoring facility quotes a Qihoo360 report that is not publicly available anywhere.
The report garnered some attention in the US, with several media outlets running with the story, SentinelOne said.
Reports that do have some form of attribution or evidence are often based on leaked US intelligence documents such as Edward Snowden's leaks, the Vault 7 leaks, and the Shadow Brokers leaks, Cary says.
Of the 150 or so citations in the report from China's cybersecurity alliance, fewer than a third are from Chinese vendors.


This Cyber News was published on www.darkreading.com. Publication date: Mon, 12 Feb 2024 11:00:23 +0000

