Didi Kirsten Tatlow
Chinese state cyber actors are targeting infrastructure in military bases in the Asia-Pacific belonging to the United States and its allies, in an uptick in hacking activities aimed at sabotaging vital systems in the event of a conflict, intelligence and cybersecurity sources have told Newsweek.
"They have invaded computer systems, and they are able to sabotage, for example, military installations on Guam or any of the U.S. bases in Southeast Asia," said a Western intelligence source in a NATO nation, speaking on condition of anonymity due to the sensitivity of the issue.
"Pre-positioning" by China across critical online infrastructure in the Asia-Pacific was ongoing, according to a cybersecurity industry source in the region who was also granted anonymity due to the highly sensitive nature of the matter.
Pre-positioning in military parlance means to advantageously place soldiers and equipment—or in the digital age to embed malware in online networks—thus enabling fast action in a crisis. The practice aligned with China's strategic goals, namely sabotage and disruption in the scenario of a conflict in the Pacific, the source said.
Over the last decade, China has invested widely in its military and cyber capabilities as it challenges the U.S. for leadership in all areas including the economy and technology, military and global governance—a goal its leader, Xi Jinping, has set for 2049 at the latest.
The most likely military conflict between China and the U.S. is over Taiwan, which Beijing claims and has said it could take by force. Another flashpoint is the South China Sea, which China also claims and has heavily militarized including by building islands. About half a dozen nations contest ownership of territories and maritime zones in the energy-rich waters, and one, U.S. treaty ally the Philippines, is coming under increasing diplomatic and military pressure from China for refusing to acquiesce.
A Philippine soldier communicates by radio on June 29, 2023, in Mavulis Island in Batanes province in northern Philippines, just 86 miles from Taiwan. The Pentagon says it is working with allies to protect cybersecurity.
The FBI last week announced it had foiled attempts by a Chinese government-sponsored hacking ring to conceal its preparations for attacks on American critical infrastructure at home, part of an operation dubbed Volt Typhoon.
The agency "disrupted a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People's Republic of China (PRC) state-sponsored hackers," the FBI said last Wednesday.
A botnet is a network of computers covertly infected with malware that is steered by hostile actors. U.S. cybersecurity officials testified the same day in Congress that targeted systems included communications, water, energy, oil and gas pipelines, and more.
Yet at home, the targets are broader than civilian infrastructure, Newsweek has learned.
According to Steven Adair, founder and president of Volexity, a cybersecurity company in the D.C. area that has handled Volt Typhoon, "they are very interested in defense-oriented organizations. This would involve companies that work in the defense industrial base or are even defense-adjacent, even though they are not government entities themselves."
"These organizations are targeted for the work they do for the government, as it gives Volt Typhoon insight into U.S. defense-related work," Adair said in an interview.
Overseas, targets include allied nations in the Asia-Pacific region and nations involved in AUKUS, the U.S.-U.K.-Australia joint nuclear submarine development program, said the intelligence source who is from a NATO country.
"For sure, they are doing pre-positioning on military facilities, in all countries that have stakes in Southeast Asia: Australia, New Zealand, the Philippines, the U.S. That's the next level of confrontation," the source said. The person did not provide specifics about the classified information but said: "I am waiting for them to do it" in European allied nations, too. "Perhaps they already have."
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C., told Newsweek: "I am not aware of the situation concerned."
Australian Prime Minister Anthony Albanese, left,, U.S. President Joe Biden, center, and British Prime Minister Rishi Sunak, right, hold a press conference after a meeting during the AUKUS summit on March 13, 2023, in San.
Washington and Manila, which share a decades-old Mutual Defense Treaty, last year increased the number of Philippine bases where American troops are allowed to operate—from five to nine—as part of the Enhanced Defense Cooperation Agreement signed in 2014.
A Pentagon spokesperson described the cyber threat as "consistent and pervasive," telling Newsweek: "While we cannot get into detail on the nature of operations, the Department continues to work with its interagency partners to leverage available authorities to enable the defense of U.S. critical infrastructure and counter threats to military readiness at home and abroad. We are also sharing our concerns with allies and working with them to shore up their cybersecurity as well."
Gen. Paul Nakasone, who retired on February 1 after six years as head of U.S. Cyber Command and director of the National Security Agency, testified about China's overseas cyber penetration at a hearing of the House select committee on the Chinese Communist Party last Wednesday,
"You have to assume they're targeting our critical infrastructure in Guam and other territories in the Pacific," said committee chair Rep. Mike Gallagher (R-WI), who asked Nakasone: "What would an attack on that critical infrastructure mean for our ability to respond in the event of a crisis?"
"It could have a very significant impact on what we need to do to provide a series of different options that our commander in the Indo-Pacific region would want to respond with," Nakasone said, appearing to pick his words carefully. "Communications; an ability to be able to leverage our most lethal weapons systems. These are all areas that we would rely on."
Asked specifically about China's targeting of U.S. military and allied facilities, a Pentagon spokesperson said in an emailed response: "As the Department's cyber capabilities evolve, so do those of our adversaries. We are increasing operational resilience in all areas and our forces are also planning and training routinely so that we are prepared, if needed, to operate through disruption, whether from cyberattacks or extreme weather."
"The Department has also prioritized strengthening its cooperation with allies and partners in cyberspace, and we regularly exchange information to bolster our collective preparedness to deal with cyber threats and expand avenues of cyber cooperation. Sharing our concerns with allies and working with them to shore up their cybersecurity remains a priority for the Department," the spokesperson said.
In a press event last week attended by Newsweek, Gallagher, citing public reporting, said countries involved in the U.S.-led AUKUS pact were affected: "China's cyber warfare operation is also actively targeting our partners, nations directly tied to AUKUS in particular."
Liu, the Chinese embassy spokesperson, said Gallagher's committee "has been established to smear and slander China. It is driven by bias and hostility toward China, and what it says is simply unwarranted."
No comments:
Post a Comment