China has used offensive cyber capabilities to propel domestic industry and suppress opposition at home and abroad. As China seeks independence from Western interests, the role of cyber is likely to increase, a report from IntSights finds.
After months of escalating tensions between the US and China in the wake of the coronavirus pandemic, TikTok announced Tuesday that it is suing the Trump administration after the president took action to ban the platform amid security concerns.
But while the fight over TikTok plays out in public, a far more extensive campaign by the Chinese Communist Party (CCP) that puts “data as the most valuable asset” gets far less attention, even while it is helping to elevate China to “superpower” status, according to a new report from the firm IntSights. And the role of cyber offensive capabilities is likely to increase as China seeks greater economic independence from Western interests.
Cyber as a political weapon
More and more, China is using- and investing in cyber capabilities in order to reach its strategic goals of becoming the next global superpower. The country launches cyber attacks against its adversaries or economic rivals such as India and the United States. At the same time, it uses attacks and technology-enabled surveillance to suppress dissent within its borders, IntSights said.
Etay Maor, Chief Security Officer at IntSights and author of a new report covering Chinese cyber strategy and tactics tells the Security Ledger that cyber lets China “level the playing field.” While the US remains the world’s largest economy and military force, the report notes China is “perhaps the world’s greatest cyber power”.
IntSights said that the role of the country’s cyber program is likely to expand in forthcoming “Five Year Plans” (FYPs), which China uses to direct domestic and economic programs as well as foreign affairs. Since taking office, Xi Jinping, the leader of the CCP, has taken an aggressive approach to cyber operations through three major tactics: targeting private enterprise to steal IP and gain an economic advantage, utilizing military-led cyber attacks on those it wishes to disrupt or harm, and suppressing any domestic dissent through digital censorship.
It’s the economy, stupid
China cannot become dominant globally without an equally dominant economy, and the country’s economic goals are in plain sight. The nation is looking to reach a growth rate of “6.5% by 2020”, and bolsters these efforts by stealing intellectual property from the private industry of other nations, including US firms.
Those campaigns are having an impact within victim countries. Christopher Ray, Director fo the US FBI, has said publicly that the FBI estimates Chinese theft of US trade secrets costs the country ‘$300 billion-$600 billion a year.
Such attacks are likely to increase as China continues to pursue its FYP goal of transitioning from low-value to higher value manufacturing in areas like semiconductor product, IT, and robotics.
Furthermore, increasing trade tensions between the U.S. and China over firms like Tik Tok and Huawei will likely result in China putting more emphasis on technology self sufficiency in its forthcoming Five Year Plan. That goal may put more emphasis on development via stolen information.
As opposed to conventional military operations, economies and markets have become the new battlegrounds – and “everyone is a target” says Maor.
Chinese Cyber’s “Soft Power”
Becoming a global superpower takes support domestically and internationally. In the case of maintaining internal support for its vision, China is persecuting its religious minority groups to maintain cultural and ideological homogeneity– most prominently its population of Uigher Muslims. The state is bolstering its tracking and persecution of Uighers by way of “high-tech digital surveillance, exploitation campaigns via multiple strategically compromised websites, exploitation of vulnerabilities in Android operating systems commonly used among the minority population” as well as “digital profiling and exploitation” according to IntSights’ report.
In one example of the sophistication of these programs, Chinese APT groups compromised telecommunication providers in surrounding nations like Turkey, Kazakhstan, India, Thailand, and Malaysia with the goal of tracking the movement of Chinese Muslim minority Uighurs traveling between Central and Southeast Asia.
Internationally, cyber neatly weaves into the work China is doing to spread its influence among nations in the Middle East and Africa. As the nation expands its influence by investing in physical infrastructure projects in other nations, it is also supporting telecommunications projects such as 5G deployments.
By building goodwill and support from other nations, it can in turn promote and build cyber operations in these same nations. Something that would make attributing cyber attacks much more difficult.
‘Everyone is a Target’
It isn’t just the governments who should take notice, the IntSights reports makes clear.
For firms who are in the crosshairs, IntSights recommends rethinking attribution of attacks, security strategies, and evaluating their risk with this in mind. Maor says while novel and powerful cyber capabilities exist under the Chinese cyber arm, the majority of their work is done with common and well-understood tools like phishing and social engineering.
IntSights recommends that organizations stay on top of China’s evolving objectives and methods so that attacks and incidents that may be of Chinese origin aren’t overlooked. The company recommends that firms begin including strategic cyber threat intelligence briefings into their security program and evaluate how their organization or industry might be subject to Chinese state-sponsored threats.
Finally, organization should evaluate the risks posed by third party software (and firmware) and hardware providers and be prepared to defend against potential attacks.
You can view the full IntSights report here.