China-Linked Hackers Gather More Info Than Spy Balloons: Cyber Security Report

China-Linked Hackers Gather More Info Than Spy Balloons: Cyber Security Report
In this undated photo, Chinese soldiers are pictured working at computers. (Source:
China-linked hackers are reportedly far more effective than its spy balloons at gathering intelligence, with a newly released report showing how Chinese operatives regularly extract information from computer networks across the globe.

The 2023 Global Threat Report by leading cybersecurity firm Crowdstrike reveals that China-linked cyber-espionage groups are targeting 39 industries on nearly every continent.

According to the research, the majority of the hacking targets China’s Asian neighbors, with about 25 percent of their efforts directed at North America. The investigation discovered that as cybersecurity has advanced, so too have the methods China utilizes.

The targeted areas in North America incorporate a broad range, from defense, government, and aerospace to pharmaceuticals, telecommunications, and manufacturing.

“They’re endemic at this point—they’re everywhere,” said Adam Meyers, Crowdstrike’s head of intelligence.

The intrusions were likely intended to collect strategic intelligence, compromise intellectual property, and further the surveillance of targeted groups—all of which are key Chinese Communist Party (CCP) intelligence goals, the report stated.

According to U.S. officials, the intelligence-gathering activities of the United States only target the networks of its geopolitical adversaries. China, however, also hacks private corporations in order to steal intellectual property.

While such claims have been dismissed by the CCP in the past, they have been affirmed by a top American intelligence official, who said, “Hacking remains the chief Chinese espionage activity.”

“Hacking is where they make their money—the balloon doesn’t even register,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, in an NBC News report.

Upgraded Tactics

According to Meyers, Chinese hackers have upgraded their techniques significantly.

In the past, “smash and grab” operations dominated, but now sophisticated attempts to obtain credentials and enter networks covertly are common.

According to the data, more than two-thirds of intrusions Crowdstrike recorded in 2022 were “malware free,” meaning attackers gained access to networks using valid credentials, such as passwords. Typically, such information is obtained by convincing people to open emails or to click on links that include password-stealing URLs.

On June 7 last year, a cybersecurity advisory—coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI)—said state-backed Chinese hackers “continue to exploit publicly known vulnerabilities,” using advanced tactics to bypass defenses and remain undetected.

The agencies pointed out that the hackers allegedly utilize open-source tools—such as Routersploit and RouterScan—as well as known software flaws in networking devices, such as routers.

“These devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” according to the agencies.

The advisory (pdf) did not identify the victim companies involved, but did include a list of the common vulnerabilities and exposures (CVEs) most frequently exploited by the Chinese regime’s hackers since 2020, together with vulnerability types and the major vendors—Cisco, Citrix, D-Link, Fortinet, and Netgear.
According to Breitbart News, the Boston, Massachusetts-based security company Cybereason revealed in May 2022 that a “large Chinese intellectual property theft operation” known as “Operation CuckooBees” had taken place.
Hundreds of gigabytes of high-tech intellectual property—including pharmaceutical data and military information—were stolen by Chinese hackers as part of the operation, the outlet reported.

FBI Warnings

Just last month, a senior FBI officer called on U.S. officials to be on their guard ahead of the next election. The statement came from Cynthia Kaiser, deputy assistant director of the FBI’s cyber division. Kaiser said Chinese hackers pose a growing threat, and that American officials could see more Chinese cyber activity against their states as foreign actors search for political intelligence.

She noted that Chinese hackers had scanned the computer infrastructure of both Republicans and Democrats, searching for vulnerabilities. It’s unclear if any data was compromised.

Chinese hackers have been waging cyberattacks against the United States for over a decade. The information they have extracted includes personal files on over 4 million U.S. government employees, background information on over 20 million Americans and, most recently, at least $20 million of COVID-19 relief money.

Responding to Kaiser’s remark, the Chinese embassy in Washington said the Chinese regime does not encourage cyber attacks.

The scale and scope of China-nexus targeted intrusion activity is unlikely to contract in 2023, as cyber espionage remains a critical instrument to support the CCP’s strategic and economic ambitions, according to the Crowdstrike report.

Sophia Lam contributed to this report.