China has been engaged in a sustained effort to present the United States as guilty of engaging in cyber espionage and intrusion activities similar to those the US has been accusing China of conducting for the past several years. However, a recent analysis conducted by researchers at IT security firm SentinelOne has found most of China’s claims to be unsubstantiated and lacking in technical evidence. The report also notes that China has continued with this misinformation campaign in order to deflect attention away from its own hacking activities.

According to Dakota Cary, strategic advisory consultant at SentinelOne, China’s primary goal is to alter global public opinion on Chinese cyber intrusions by portraying itself as the victim of US hacking and painting the US as the perpetrator of such operations. While the campaign has achieved some limited success with China’s claims being reported in Western media, it has not changed the broader awareness of China’s cyber activities.

The report from SentinelOne comes at a time of significant concern in the US regarding China’s persistent and stealthy intrusion campaigns into critical infrastructure. These campaigns have been attributed to Chinese threat groups such as Volt Typhoon.

The recent efforts by China to push a US hacking narrative appear to have been triggered by a joint declaration by the US, UK, and European Union governments in July 2021, accusing the Chinese government of engaging in malicious and destabilizing behavior in cyberspace. The declaration specifically blamed the Chinese government for hiring criminal contract hackers to carry out unsanctioned cyber operations globally for personal gain, leading to the announcement of criminal charges against individuals at the Chinese Ministry of State Security.

The US allegations came in the wake of an incident where an attack, later identified as the work of the MSS, exploited four zero-day vulnerabilities in Microsoft Exchange to compromise tens of thousands of computers worldwide. Additionally, there was growing frustration over the Chinese hacking group automating their attack and sharing details of the vulnerability with others after learning that Microsoft was preparing to release a patch. This led to the Chinese government’s decision to launch a media campaign aimed at pushing narratives accusing the US of hacking operations in global media outlets.

Since early 2022, Chinese cybersecurity firms have coordinated the release of reports about US hacking activity, which are then amplified by government agencies and state media. The English-language Global Times, a publication reflecting the views of the Chinese Communist Party, has increased its coverage of US-related hacking tools and operations. This includes articles discussing alleged US intelligence agency hacking into seismic sensors at the Wuhan Earthquake Monitoring Center. Furthermore, a report published by China’s cybersecurity industry alliance detailed over a decade of supposed US cyberattacks, such as the Stuxnet campaign on Iran’s Natanz nuclear facility.

Despite these efforts, SentinelOne notes that most of the Chinese reports lack the technical evidence typically provided by cybersecurity firms in the US and other countries when disclosing nation-state campaigns. Many of the reports are based on previously leaked US intelligence documents, such as those from Edward Snowden, Vault 7, and the Shadow Brokers. In addition, China’s cybersecurity companies have not publicly released any data to back up their claims of US hacking, raising questions about the credibility of their allegations.

Despite the lack of technical evidence and the reliance on previously leaked US intelligence, China’s misinformation campaign continues to persist. The US, along with its allies, remains vigilant in their efforts to counter and expose China’s cyber activities, seeking to maintain public awareness of the true nature of Chinese hacking operations.

Source link