16 October 2019

Stunning Huawei Confirmation—1 Million Cyberattacks Every Day

Zak Doffman

China’s under fire Huawei is being attacked by more than just the U.S., says a company exec. The Chinese tech giant endures around a million cyberattacks per day on its computers and networks—and that’s according to its security chief, John Suffolk. This will be the most unexpected Huawei cyberattack story of the year so far.

As reported in the Japanese press, Suffolk implied such attacks are focused on IP-theft, which given Huawei leads the world for 5G network innovation and files more patents than any other company in the world, will come as little surprise. That said, the company has also accused the U.S. government of mounting cyberattacks as part of its concerted campaign against them.

In September, Huawei alleged in the media that U.S. law enforcement has "threatened, coerced and enticed" existing and former employees, and has executed "cyberattacks to infiltrate Huawei's intranet and internal information systems."


Suffolk did not attribute the attacks to any country or particular threat actor—including the U.S., and did not confirm whether they were from nation-states or competitors. But he did acknowledge that although almost all are defended, some attacks on older systems get through. The implication of this was not clear, although the media reported that these “cyberattacks have included a type of theft of confidential information by sending a computer virus by email.”

Such phishing or business email compromise attacks are universal, it would be more surprising if Huawei didn’t receive its fair share. They often rely on social engineering to trick employees into installing malware disguised as attachments, or visiting fake sites or viewing social media clips that are laced with harmful code.

Suffolk used the media to confirm his claims that although Huawei is embroiled in its own allegations around cybersecurity, no tangible backdoors or cyber compromises have been found. He also reiterated the company’s pledge to work with customers to shore up their cyber defences when using equipment from the Chinese company.

The focus of the U.S. allegations is that in addition to receiving Chinese state support, Huawei is vulnerable to intelligence tasking by Beijing within overseas markets—either to steal or disrupt. Suffolk told the media that if the company’s CEO Ren Zhengfei was ever asked to compromise the company, “he would blankly refuse to do that—if he was pressurized to do that, he would close the company down.”

Earlier in the week, a surprise EU report warned that the combination of new technologies and 5G networks risks hostile state control of critical infrastructure, logistics, transportation even law enforcement. The report didn't name China or Huawei, but did reference sole 5G suppliers from countries “with poor democratic standards,” for which the reference to Huawei and China was clear.

There will more surprises with this latest revelation from Huawei—the sheer scale of the cyberattacks will raise eyebrows, as will the obvious references back to the company’s claims against the U.S. last month.

October could prove to be a significantly better month for the tech giant than September. Having managed to launch the Mate 30 Series absent U.S. tech, and with U.S. President Trump now signalling a softening in blacklist restrictions and progress in trade talks with China, Huawei execs will be hopeful of some welcome relief from both the sanctions and the headlines.

No comments: