CN CyberAttack Finger Pointing at US

China has reiterated claims that last month's cybersecurity attack on a Wuhan facility was the work of US intelligence agencies, pointing to a "very complex" malware used in the incident. The Wuhan Earthquake Monitoring Center on 26 July 2023 was reported to be the victim of an attack that appeared to originate from government-backed hackers in the US. The allegations state the attack targeted network equipment that collected seismic intensity data, which measured the magnitude of earthquakes and contained information concerning national security, according to the Wuhan Municipal Emergency Management Bureau. Information on military defense facilities, for example, is considered in determining seismic intensity.[1]

In the weeks following the attack, investigations have uncovered "malicious backdoor software that exhibits characteristics of US intelligence agencies", according to a report on 14 August 2023 by state-owned media Global Times.  Investigations were conducted jointly by China's National Computer Virus Emergency Response Center (CVERC) and local cybersecurity vendor 360.

CVERC's senior engineer Du Zhenhua said in the report that the country collects data to better monitor and detect geological disasters and provide early warning. Such data can offer valuable insights into military intelligence, he said.   Chinese officials suggest that accessing relevant data from seismic monitoring centers can enable hackers to estimate underground structures of a specific area and assess if it is a military base. This data will prove useful to foreign military intelligence agencies, such as the US Department of Defense.

Du added that cybersecurity attacks could damage monitoring systems, rendering them ineffective in giving accurate data in the event of an earthquake, or could lead to them triggering false alarms. He said that these issues could fuel social panic and lead to serious consequences.

Remote sensing and telemetry systems and the data they contain are critical national resources that must be given priority protection, said Xiao Xinguang, who is a member of the National Committee of the Chinese People's Political Consultative Conference, and also chief software architect of local antivirus vendor Antiy Labs.

"US intelligence agencies not only actively collect various signal intelligence but have also long obtained other countries' comprehensive earth system science remote-sensing and telemetry data as strategic intelligence through various means," Xiao told Global Times.  "This includes sharing through allied intelligence mechanisms, coercing high-tech companies to provide it, and using academic and scientific research activities."

The report pointed to Prism and WikiLeaks as documented examples of the U.S. government's surveillance of other foreign leaders, including allies.

A CISA spokesperson did not comment on any of the questions from reporters, replying instead with a one-line reference to its advisories and an overview of China's cyber threat. It has similar landing pages for Russia, North Korea, and Iran.  On China, the US government states: "China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems."

CISA and NSA early this month released a report highlighting the top software vulnerabilities commonly exploited in 2022. These included several flaws previously highlighted in 2021 and used by China's state-sponsored cyber actors, according to the 3 August 2023 statement released by the US security agencies and their Five Eyes counterparts comprising Australia, New Zealand, Canada, and the UK.

See:  https://redskyalliance.org/xindustry/five-eyes-cyber-alert

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

Reporting:    https://www.redskyalliance.org/
Website:       https://www.redskyalliance.com/
LinkedIn:      https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632  

[1] https://www.zdnet.com/article/china-accuses-us-intelligence-agencies-as-source-behind-wuhan-cybersecurity-attack/