China engages in cyber surveillance of Indo-Pacific nations
Chinese cyber spies have been actively surveilling Beijing’s neighbors to support the country’s financial interests and gather military intelligence, cyber security firms reported.
Crowdstrike, a U.S. cyber security firm, identified five China-based entities as perpetrating cyber intrusions in the Indo-Pacific, according to the firm’s “2018 Global Threat Report” released in February 2018. These adversaries, the report said, carried out unauthorized surveillance of India, Japan, South Korea, Taiwan and Vietnam in 2017 and 2018.
“The targeting of Southeast Asian countries reflects not only China’s heavy investment in large infrastructure projects within the region, but also ongoing territorial disputes in the South China Sea,” the report said. “Information on many of the targeted government entities likely supports intelligence requirements for military or diplomatic decision making.”
Observed targeting of other sectors — technology, industry, aerospace, telecommunications and energy — likely supports high-priority financial investments such as China’s Belt and Road Initiative, the report said.
Since the beginning of 2018, China-based cyber operatives also have targeted U.S. companies with interests in the South China Sea, according to FireEye, a U.S. cyber security firm. Crowdstrike said the Chinese entities responsible for Indo-Pacific cyber intrusions have been helped by the Chinese government, specifically the Ministry of State Security. The Crowdstrike report contends vulnerabilities exploited in the attacks were first discovered by the ministry and shared with potential perpetrators.
Media reports support this assessment. Reuters reported on cyber transgressions against official and corporate targets in Vietnam in August 2017. An October dispatch from U.S. cyber security firm SecureWorks revealed intrusions into Japanese commercial websites. In November 2017, Taiwan’s governing party and some government offices announced in the Financial Times newspaper that they had been hit by Chinese hackers. In the same month, the Australian Broadcasting Co. reported about an intrusion by Chinese hackers into Australian law firms holding sensitive commercial information. In March 2018, Indian military officials released a video accusing Chinese hackers of extracting personal data from citizens of India who used the social media application WhatsApp.
At FORUM’s request, Rand Corp.’s cyber security experts offered some analysis of recent Chinese cyber activity. “The Chinese retain their interest in cyber espionage, but cyber attacks are of less interest to them,” Rand reported. “That noted, airport signage systems in Vietnamese airports did come under cyber attack a year or so ago. The suspicion is that it was China, but there has not been any conclusive evidence.”
Accusations of intellectual property theft enabled by government-sponsored Chinese hackers precipitated talks that led to the 2015 U.S.-China Cyber Agreement. The agreement was followed by a marked reduction of intrusions into the computer networks of U.S. private-sector firms. Changing conditions, however, could be ushering in a return of old habits.
“After the 2015 cyber agreement between the U.S. and China, there was a shift to acquiring intellectual property through the buy-out of foreign companies,” Crowdstrike reported. “Because of the large outflow of cash from China, this method may be discouraged in the near term; therefore, cyber operations to acquire intellectual property may rise again, affecting countries in Europe, Japan, the United States and possibly Russia.”
Tom Abke is a FORUM contributor reporting from Singapore.