Since the beginning of 2022, the Chinese Ministry of Foreign Affairs and Chinese cybersecurity companies have increasingly been alleging US cyber espionage. Until now, such accusations have been rare. They seem to be based on obsolete and well-known technical details. This was reported by the publication WIRED.
China’s allegations, which have been flagged by security journalist Catalin Cimpanu, follow a very similar pattern.
On February 23, Chinese company Pangu Lab published allegations that elite hackers from the Equation Group of the US National Security Agency (NSA) used a backdoor dubbed Bvp47 to monitor 45 countries. The Global Times, China’s state media outlet, published an exclusive report on the research. On March 14, the newspaper published a second exclusive report about another NSA tool called NOPEN. That report was based on data from the National Computer Virus Response Center of China.
A week later, Chinese cybersecurity firm Qihoo 360 claimed that American hackers had attacked Chinese companies and organizations.
On April 19, the Global Times reported the findings of the National Computer Virus Response Center regarding the HIVE malware allegedly developed by the CIA.
“China is seriously concerned about the irresponsible malicious cyber activities of the US government. We call on the American side to explain themselves and stop such deliberate actions immediately,” Foreign Ministry spokesman Wang Wenbin said in April.
In early May, representatives of the Chinese Foreign Ministry commented on US cyber activity at least three times.
Interestingly, many hacking tools developed in the US are no longer secret. In 2017, WikiLeaks published 9,000 documents in the Vault7 leak, detailing many of the CIA’s tools.
In 2016, the Shadow Brokers, a mysterious hacking group, stole data from one of the NSA’s elite hacking teams and released it to the public. The data included dozens of exploits, as well as the EternalBlue tool, which was then used in some major cyberattacks.
And many of the details in the Shadow Brokers leaks matched the NSA information leaked by Edward Snowden in 2013.
Ben Read, director of cyber-espionage analysis at US firm Mandiant, said China’s state media reports mostly contained old information.
Pangu Lab’s February report on Bvp47 — the only posting on its website — says the company originally discovered the details in 2013, but pieced them together after the Shadow Brokers leak in 2017. Detailed information about HIVE and NOPEN has also been available for many years.
Megha Pardhi, a China researcher at the Takshashila Institute, believes that the publications and subsequent comments by officials may serve several purposes. Domestically, China can use them for propaganda, and they let the US know that China has the ability to attribute cyber activity to it. They are also a warning to other countries.
Many of the 2022 disclosures come from private cybersecurity companies. This is similar to how Western cybersecurity companies report their findings. But the Western firms' research is not always included in government talking points, and it is almost never seen in state media.
In recent years, China’s policy has focused on positioning itself as the dominant force in technology in everything from 5G to quantum computing.
Suzanne Spaulding, senior adviser at the Center for Strategic and International Studies, believes that there is simply a marketing battle going on between the US and China.
“China is offering a model to the world that rivals Western-style democracy,” she said.
But relations between the two countries have grown more tense in recent years over national security issues, including worries about telecommunications giant Huawei. Spaulding suggested that China might be reacting in this way to the unification of Western countries after Russia’s attack on Ukraine.