China’s National Computer Virus Emergency Response Center (CVERC) released a 60-page report accusing the U.S. government of orchestrating a disinformation campaign to shift the blame of cyber espionage activities onto China. The report suggests that the U.S. is using sophisticated tactics, such as False Flag operations and the ‘Marble’ toolkit, to mask its own cyber activities and maintain dominance in the global cyber arena.
According to the report, the ‘Marble’ toolkit is designed to obfuscate coding signatures typically used to trace cyber attackers, making it difficult to attribute cyberattacks to their true source. This tool can insert foreign language strings into malware code to mislead investigators and wrongly implicate foreign actors. False Flag operations, which involve carrying out attacks under the guise of another country, further add to the confusion in attributing cyberattacks.
The report also highlights the U.S.’ broader strategy of influence operations, aimed at shaping perceptions, spreading disinformation, and destabilizing target nations. The U.S. allegedly employs a framework of 4D principles – deny, disrupt, degrade, deceive – to control the narrative in cyberspace. Naming conventions like ‘Panda’ and ‘Dragon’ used to attribute threat actors to China are criticized as geopolitically motivated and racially biased.
Accusations against the U.S. include the use of mass surveillance projects like ‘UpStream’ and ‘Prism’ to siphon data from global internet traffic. These projects allegedly allow the U.S. to monitor vast quantities of data in real-time, providing actionable intelligence for military, diplomatic, and economic purposes. The report also suggests that U.S. citizens, despite legal protections, are subject to surveillance under these programs.
Moreover, the report claims that U.S. intelligence agencies conduct supply chain attacks by inserting backdoors into hardware and software products sold to foreign targets. The NSA’s Office of Tailored Access Operations (TAO) plays a key role in these activities, posing significant risks to critical infrastructure globally. Allies like Germany, France, and Japan have also reportedly been targeted by U.S. espionage activities.
Microsoft, a major cloud and enterprise software provider, is implicated in the report for its alleged collaboration with U.S. intelligence in developing tools and platforms for data collection. The report raises concerns about privacy and the ethical implications of corporate cooperation in state-led surveillance activities. The collaboration between Microsoft and the U.S. government has sparked questions about the role of private companies in state-led surveillance efforts.
The report disputes allegations made by the U.S. government and companies like Microsoft against China-linked threat actors, indicating a complex web of cyber espionage and misinformation campaigns at play in the global cyber landscape.