Pages

26 August 2024

The Geopolitics of Cyber Espionage Goes Far Beyond Sensitive Information Theft

Emilio Iasiello

Beijing has been using its media to counter U.S. and foreign government accusations over its cyber spying for several years, typically issuing denials and pointing at the United States’ own alleged cyber malfeasance. It has been a standard method of operations – a government will accuse China of hacking, often publishing a report or issuing public proclamations with limited evidence to justify the accusation in either instance, and Beijing will promptly retort. Recently, the U.S. Director of the Federal Bureau of Investigation testified before Congress, highlighting an alleged Chinese state-sponsored cyber espionage campaign dubbed “Volt Typhoon” that he said was purposefully embedding itself into U.S. critical infrastructure, waiting “for just the right moment to deal a devastating blow.” Unsurprisingly, China responded via its Embassy in the United States and refuted the claim tying Volt Typhoon to the work of cybercriminals, not Chinese state actors.

The U.S. government is not the only ones comfortable tying this activity to China. Both Microsoft and Google have come to the same conclusion and have shared their analysis and findings publicly. And while both have extensive pieces about the nature of the activity, and how it operates, when it comes to providing evidence of attribution, both are noticeably light. Volt Typhoon activity was first observed in mid-2021, conducting cyber intrusions into high-value targets like critical infrastructure organizations in countries around the world for the purposes of gaining and maintaining access without being detected. If true, this is consistent with what a state actor would do with respect to cyber espionage, and prepositioning itself to be able to leverage surreptitious accesses to execute more disruptive attacks later on should it feel necessary to do so.

No comments:

Post a Comment