China Calls US ‘Biggest Empire of Hacking’ After Being Accused of Cyber Spying
Still unrivaled global at cyber attacks and espionage in Chinese opinion
China has deflected claims that its government was behind a series of hacks that reportedly attempted to infiltrate networks linked to the U.S. defense sector, instead accusing the United States of conducting an unrivaled global campaign of cyber attacks and espionage.
California-based cybersecurity firm FireEye’s incident response division Mandiant published a report Tuesday claiming Chinese involvement in an attempt to penetrate the VPN technologies of the Defense Industrial Base Sector, defined by the Cybersecurity and Infrastructure Security Agency (CISA) as “the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements.”
The company suspects that at least one of the perpetrators active between August 2020 until March 2021 “operates on behalf of the Chinese government.”
Asked about the allegations, Chinese Foreign Ministry spokesperson Wang Wenbin was skeptical.
“Given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, it is important to have enough evidence when investigating and identifying cyber-related incidents,” Wang told reporters on Wednesday. “Groundless speculations should be avoided.”
He then directed attention toward Washington’s own international hacking efforts.
“As a matter of fact, the U.S. is the biggest empire of hacking and tapping as we all know,” Wang added. “China firmly rejects any organization or country throwing mud at China under the pretext of cybersecurity or using the issues to serve their political purposes.”
The U.S. and China both have dedicated state branches dedicated to cyberwarfare and espionage.
The extent to which the U.S. engaged in such behavior has been brought to light by reporting on campaigns such as the National Security Agency’s PRISM program that stores and monitors online communications. The NSA has also been accused of tapping the phones of foreign officials, including allies like German Chancellor Angela Merkel.
In recent years, Washington has accused Beijing of engaging in a concerted campaign to infiltrate both public and private institutions abroad, and U.S. firms specializing in cybersecurity have corroborated the claims. The latest incident is believed to have targeted Pulse Secure Connect, a widely used remote connectivity tool owned by Utah-based software company Ivanti.
The report prompted an emergency directive by CISA “requiring federal civilian departments and agencies running Pulse Connect Secure products to assess and mitigate any anomalous activity or active exploitation detected on their networks.”
The directive comes “in response to observed active exploitation using disclosed vulnerabilities in Pulse Connect Secure products,” according to the statement, which did not attribute blame for the incident. “Successful exploitation of these vulnerabilities allows an attacker to gain persistent system access and control of the enterprise network operating the vulnerable Pulse Connect Secure appliance,” it added.
Acting CISA Director Brandon Wales issued accompanying remarks.
“Over the last year, CISA has issued several alerts urging agencies, governments and organizations to assess and patch Pulse Connect Secure vulnerabilities,” Wales said. “This Emergency Directive reflects the seriousness of these vulnerabilities and the importance for all organizations – in government and the private sector – to take appropriate mitigation steps.”
CISA was established in 2018 under the Department of Homeland Security to counter cyber threats to the country. The young agency saw one of its biggest challenges last year upon the discovery of a wide-spanning hack, which affected FireEye along with a long list of government agencies and leading companies infected with trojanized updates to leading software company SolarWinds.
President Joe Biden, who inherited the investigation into the hacks from his predecessor, former President Donald Trump, has blamed the affair on Russia and has expelled several diplomats in retaliation. Moscow has denied any involvement and has demanded a number of U.S. officials leave the country in retaliation.