Leaked Hacking Files Spur Concerns of China Weakening US for War

Leaked Hacking Files Spur Concerns of China Weakening US for War
(Illustration by The Epoch Times, Getty Images, Shutterstock)
March 05, 2024
March 12, 2024

WASHINGTON—China’s communist regime is engaged in a worldwide campaign of cybercrime and leading experts believe that the United States is failing to respond swiftly enough to counter the threat.

“In the current era of cyber, it’s all about speed,” retired Army Col. John Mills told The Epoch Times.

“You have to presume a breach, and that the threat is inside. Looking at it from that perspective, it’s all about speed of identification, speed of ejection. The U.S. government is not good at that.”

All signs indicate that the Chinese Communist Party (CCP) and its proxies are engaged in a robust and global cybercrime campaign that aims to both destabilize the regime’s foes and position itself for a potential war with the United States.

“This is an extraordinary threat,” said Mr. Mills, who previously served as the director of cybersecurity policy, strategy, and international affairs at the Department of Defense.

A cache of leaked documents that surfaced in late February implicated the regime’s direct involvement in overseas cyber espionage.

The documents belonged to a criminal hacking group called I-Soon, which masquerades as a legitimate business in China, apparently with the regime’s blessing.

The leaked files revealed the group’s infiltration into government departments in India, South Korea, Thailand, Vietnam, and South Korea, as well as NATO organizations.

Files included product manuals, marketing materials, employee lists, chat records, financial information, and details about foreign infiltration efforts.
Some of the documents that were verified by the Associated Press show that the majority of the group’s clients are based within China’s regional security bureaus and the CCP’s Ministry of Public Security.

Mr. Mills said the revelation was “predictable,” and that CCP authorities have a long history of conducting illicit tasks in addition to their formal duties.

“The CCP and the government, which is one [and] the same thing, knew these people were moonlighting. This is part of the culture of corruption [in China],” Mr. Mills said.

The I-Soon leaks surfaced amid a wider flurry of CCP-backed cyber activity, in which the regime successfully infiltrated both U.S. critical infrastructure and the defense ministry of the Netherlands.
Volt Typhoon, a malware used to infiltrate U.S. systems and target critical infrastructure, was discovered last year, having been implanted as part of a wider effort to pre-position for a military conflict. The malware also threatened the physical safety of Americans by targeting water, energy, rail, airline and port traffic-control systems, according to intelligence leaders.

Casey Fleming, CEO of the risk advisory firm BlackOps Partners, said that the Volt Typhoon initiative was part of the CCP’s strategy of unrestricted warfare through which it aims to secure military advantage over the United States through non-military means.

“The CCP is hyper-focused on weakening the U.S. from all angles to win the war without fighting,” Mr. Fleming told The Epoch Times.

“This is what World War 3 looks like. It’s the speed of technology, the stealth of unrestricted warfare, and no rules.”

(Top) Workers prepare laptops that will be used during the 2022 Winter Olympics in Beijing on Dec. 9, 2021. (Bottom) Chinese police and security staff watch as staff members enter the Japanese embassy in Beijing on Aug. 24, 2023. (Getty Images/Greg Baker, Kevin Frayer)

Chinese-Made Spying Tools

The more recent I-Soon leaks also shed light on the tools Chinese cybercriminals are deploying to infiltrate, undermine, and exploit the regime’s rivals.

Its services included a tool for infiltrating users’ accounts on social media platform X, including the ability to access phone numbers, email accounts, personal messages, and real-time activity even if users have enabled two-factor authentication.

Likewise I-Soon sold access to a custom suite of remote-access Trojans—malware capable of infecting Android, IOS, and Windows devices—which could, at times, alter registry files and collect GPS data, contacts, media files, and real-time audio recordings of conversations.

The Android version of the Trojan also had the capability of dumping all messages stored in major Chinese apps including QQ, WeChat, and Momo.

Notably, the I-Soon documents also revealed the existence of portable devices for “attacking networks from the inside,” including options to embed the malware in cellphone batteries, power strips, and circuit boards.

Similar devices could be outfitted with special equipment for operatives working abroad to establish safe communication with mainland China.

(Top L) Employees working on a smartphone assembly line at a factory in Dongguan, China, on July 20, 2022. (Top R) A shopper uses her smartphone to pay via a Wechat QR code at a vegetable market in Beijing on Nov. 3, 2020. (Bottom) Customers take pictures in an Apple store in Los Angeles on Sept. 22, 2023. (Jade Gao, Greg Baker, Patrick T. Fallon/Getty Images)

Mr. Mills said the regime is exploiting its advantage in the manufacturing domain to achieve dominance in cyberspace. China-based hackers are using manufacturing vulnerabilities in how devices connect and share data with one another.

And by smuggling malware into the United States with Chinese-made goods, he said, such devices could be used to penetrate the United States’ most critical infrastructure, as the Volt Typhoon malware was designed to do.

Mr. Mills said that the sheer diversity of systems used by different infrastructures in the United States makes it very difficult for the U.S. government to develop effective solutions to Chinese infiltration.

“The Internet of Things and critical infrastructure—that is still a very porous, vulnerable area,” Mr. Mills said.

“There’s a lot of industrial control systems and critical infrastructure. There’s a lot of obscure software programs and languages that are just not well understood, and they don’t scale as far as being able to secure them,” he added. “It’s very tailored and customized, which is inefficient and expensive, and that’s the reality of critical infrastructure.”

There are some indications that the Biden administration is beginning to tackle the issue of China-origin technology.

The Commerce Department announced on Feb. 29 that it intends to investigate and propose rules regarding vehicles with CCP-made technology.

“It doesn’t take a lot of imagination to think of how foreign government with access to connected vehicles could pose a serious risk to both our national security and the personal privacy of U.S. citizens,” Secretary of Commerce Gina Raimondo said in a press release.

“We need to understand the extent of the technology in these cars that can capture wide swaths of data or remotely disable or manipulate connected vehicles.”

A group of U.S. Senators introduce a bill to combat China's spying, at the U.S. Capitol on March 7, 2023. (Chip Somodevilla/Getty Images)

Any rules to safeguard Americans’ vehicle data are likely to take a long time to implement, however, and would only address one small facet of China’s cyber-espionage apparatus.

In order to truly mitigate the risk posed by technologies developed in communist China, Mr. Mills said, reshoring critical technologies is imperative.

“If you want to reduce the Chinese threat, start making things here,“ he said. ”That’s going to take care of 80 percent of your problem.”

Another key aspect of U.S. strategy, he said, should be to continuously find and reveal CCP threat actors on the global stage.

He said CCP-backed piracy in the South China Sea in the 1990s was partly alleviated by a continued effort to expose those propping up the industry.

“Everything keeps going until they’re publicly outed,” Mr. Mills said. “And then it’s amazing how people just disappear and the situation stops.”

Months to Respond

Mr. Mills said that Volt Typhoon appeared to be an explicit effort to pre-position malware that could cripple U.S. systems in the event of a war in the western Pacific, such as an invasion of Taiwan.

“This is pre-placement of malware that can be turned on in case of conflict and could disrupt many things,” he said.

Though the intelligence community eradicated Volt Typhoon from some 600 routers linked to critical infrastructure in December and January, the malware persists in an unknown number of civil devices.

Perhaps most alarmingly, U.S. officials are now acknowledging that the malware may have been implanted as early as five years ago, though they first publicly acknowledged it in May of last year.

That languid response, Mr. Mills said, was largely due to the United States’ cumbersome bureaucracy.

“It takes six months to a year for the U.S. government to really assess, understand, and respond to these breaches,” he said.

To that end, he said that the United States would need to commit to using non-cyber elements of national power to pressure the CCP and put the regime at risk in order to deter future aggression.

“You have all these instruments of national power. If you want [China] to stop breaking into our systems, then squeeze their finances, squeeze their economy, and it’s amazing what happens,” Mr. Mills said.

“It’s painful and embarrassing, the lethargy of the U.S. government in responding to these things.”