US and seven allied nations blast Chinese hackers – Analysis: Coordinated sanctions display power

On Tuesday, the United States and seven of its allies issued a warning that the Chinese-supported hacker group APT40 poses a threat to other countries’ networks. This comes after China accused the U.S. and its allies of spreading false information the day before. Experts believe that the united response from Western countries against Chinese hackers marks a significant turning point, emphasizing the need for coordinated sanctions among Western nations. Despite China’s rebuttals, the accusations made by democratic governments in the West are seen as more credible.

In an Australia-led report released on Tuesday, the cybersecurity and intelligence agencies of the U.S., U.K., Canada, New Zealand, Japan, South Korea, and Germany pointed out that APT40 has targeted governments in the Indo-Pacific region multiple times.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) specifically mentioned the APT40 hacker organization in the report, revealing its evolving attack methods. APT stands for Advanced Persistent Threat.

The report stated, “APT40 carries out malicious cyber operations on behalf of the Chinese Ministry of State Security (MSS)… Reports have previously claimed that the organization is based in Haikou, Hainan Province, China, on missions dispatched by the Hainan Provincial Public Security Department and Hainan Provincial State Security Department.”

“APT40 has repeatedly targeted Australian networks, regional government, and private sector networks, posing a continued threat to our networks.”

ACSC also provided two case studies involving APT40 cyber-attack activities, with one case involving the theft of hundreds of usernames and passwords from an organization in Australia in April 2022.

This joint coordinated action taken by Western governments is a rare move against global hacking operations led by the Chinese intelligence sector.

In response, a Deputy Researcher at the Network Security Institute of the Taiwan Institute for National Defense and Security Studies, Zeng Yishuo, recently told The Epoch Times that this falls within the realm of gray zone behavior, especially in terms of cyber intrusions, making it difficult to trace. “It is difficult to confirm completely who and where the attacks are originating from. It cannot solely be determined by IP locations since there could be proxy behaviors, and it cannot be purely determined by coding techniques or behavioral patterns as these can also be imitated.”

Zeng Yishuo added that alternative methods outside the virtual space and beyond the internet are needed for further investigation to find evidence substantial enough for prosecution. In the past, the FBI has gone to great lengths to indict Chinese military hackers based in Shanghai and other hacker groups like APT40, but these actions have not effectively deterred them.

The United States has issued warnings to Chinese hackers several times. In March of this year, the Biden administration imposed sanctions on Chinese hackers. The U.S. Department of Justice announced criminal charges against these alleged hacker organizations and five other defendants, while the U.S. Department of State offered a $10 million reward for information on these individuals.

Intelligence officials on both sides of the Atlantic have publicly warned that China is engaged in the world’s largest hacking campaign, posing a serious threat to national security and private enterprises.

However, Chinese hackers continue to operate brazenly. Zeng Yishuo stated, “This is similar to asymmetric warfare and is a war of attrition. Many countries in the past did not have the capability to trace these attacks, and China can easily employ internet mercenaries and hacker groups by spending little money, making legal tracing or sanctions by other countries a resource-intensive process.”

“So, this is a war of attrition that is long-lasting and cannot be resolved quickly. It is not as simple as identifying and confirming a target.”

Zeng Yishuo believes that the U.S. is now bringing multiple countries together in a joint statement to address cyber threats posed by China. “Making hackers feel punished is the first step to deterring gray zone behavior and threats, as this differs significantly from the past. Previously, the U.S. combined the Five Eyes alliance, but now it includes countries like Japan, South Korea, and Germany, to collaborate on collective defense and impose sanctions.”

“When imposing sanctions, it must be a joint effort among multiple countries on a coordinated platform to prevent loopholes that would allow hackers to transfer their funds out.”

Zeng Yishuo emphasized, “This is quite different from the past, as the goal previously was to be deterrent, but that couldn’t be achieved. Now, sanctions are being enacted, with multiple countries, private sectors, technology sectors, and tech companies jointly combating these actions. So, we will have to wait and see how this unfolds.”

Zeng Yishuo believes that the U.S.’s actions are giving other countries the confidence to confront Chinese hackers collectively, leaving China feeling relatively powerless in response, continuously raising doubts. “If you believe it, others will believe it; if you don’t, others won’t. China vehemently denies everything the U.S. accuses, using this narrative to persuade its allies.”

On Monday, the day before, Xinhua News Agency and other Chinese state media reported heavily that the U.S. government concocted the “Volt Typhoon” hacker organization to smear China. The report stated, “‘Volt Typhoon’ is a false information and propaganda operation orchestrated by U.S. intelligence agencies, anti-China U.S. congressmen, various federal government agencies, and the cybersecurity departments of Five Eyes alliance countries, based on precise advertising targeting cognitive domain warfare.”

Back in April, the Federal Bureau of Investigation (FBI) and cybersecurity agencies from the Five Eyes alliance countries jointly issued a warning bulletin, claiming to have thwarted the Chinese “Volt Typhoon” hacker organization’s “subversive actions” in American networks.

The Voice of America previously reported that U.S. and allied intelligence agencies announced as early as February 7 that the Chinese hacker organization “Volt Typhoon” has been active in U.S. critical infrastructure for over five years. They warned that “in case of geopolitical tensions or military conflicts, these entities might use their network access routes to cause destructive consequences.”

In response, Su Ziyun, Director of the Institute of National Defense Strategy and Resources at the Taiwan National Defense Institute, recently told The Epoch Times that U.S. research has found copious records of the Chinese “Volt Typhoon” organization infiltrating and lurking around the critical infrastructure of democratic countries, potentially launching attacks during crucial times to disrupt electricity, transportation, water facilities, and even financial systems, leading to social unrest and jeopardizing national security.

Regarding the mutual accusations of cyberattacks between the U.S. and China, Su Ziyun believes that Chinese state media, just like the judiciary, is primarily controlled by the Communist Party. In contrast, accusations from the West are considered more credible because Western countries have legislative bodies overseeing the executive branch, media that scrutinize the administration, and non-governmental organizations that assist in testing internet security.

“Western governments cannot control public opinion. Thus, in this situation, if a democratic government lies, it will quickly be supervised and exposed by various groups. Hence, their warnings are highly credible as they undergo multiple levels of scrutiny and verification.”

In comparison, Chinese state media comes off as feeble and unsuccessful, according to Su Ziyun, who believes this is a legitimate concern for Beijing, highlighting a self-delusional state. This is not only a matter of external perception but also an issue of internal perception. The people in mainland China are constantly exposed to such an environment, and essentially, it is the Communist Party that poses a threat to the world and mainland China itself.

Regarding China’s disruptive actions, Su Ziyun believes there will likely be only one outcome: the upcoming NATO summit will further validate China’s cyber threats.

He mentioned that since 2018, Chinese telecom giant Huawei’s base stations have gradually been banned, DJI drones have been found to have cybersecurity risks, and Hikvision surveillance cameras also pose such risks. With the addition of national-level forces, particularly the “Volt Typhoon” from China, a similar cyber attack software, NATO will likely see China as an escalated threat at this year’s summit. Of course, in countering the cyber and information threats posed by China, coordination among allies will become even closer.

On Tuesday, the North Atlantic Treaty Organization (NATO), composed of 32 member countries, convened a summit in Washington D.C. A source told Japan’s Asahi Shimbun that Japan will strive to establish a strategic framework with NATO during the summit to address the escalating threat of false information.

This year is an election year in the United States, and there are concerns in various sectors about Chinese network hackers interfering in American domestic affairs. Zeng Yishuo also stated that Chinese national security units are unlikely to back down on this issue.

“The U.S. is using these actions to warn China not to manipulate and interfere in the upcoming U.S. presidential election through cyber attacks. This is a significant warning. If Beijing continues to try, as they likely have already set many traps and operations, the U.S. is sending this warning to China.”

He added, “Moving forward, if Beijing remains active and tries to test the waters, the closer the elections get, the stronger the U.S.’s actions, particularly in national security and counteracting measures, will be.”