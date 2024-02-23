



Chinese hacking tools made public in recent days illustrate how much Beijing has expanded the reach of its computer infiltration campaigns through a network of contractors, as well as the vulnerabilities of that evolving system. The new revelations underscore the extent to which China has ignored or evaded US efforts for more than a decade to curb its extensive hacking operations. Instead, China has built up the cyber operations of its intelligence services and developed a spider web of independent companies to do the work. Last weekend in Munich, Christopher A. Wray, the director of the FBI, said that hacking operations from China were now directed against the United States on a larger scale than had been seen before. And at a recent congressional hearing, Mr. Wray said China's hacking program was larger than that of every other major nation combined. "If you took every one of the FBI's cyber agents and intelligence analysts and focused them exclusively on the China threat, Chinese hackers would still outnumber the FBI's cyber personnel by at least 50 to one," he said.

US officials said China had quickly built up that numerical advantage through contracts with firms such as I-Soon, whose documents and hacking tools were stolen and posted online last week. The documents showed that I-Soon's widespread activities included targets in South Korea, Taiwan, Hong Kong, Malaysia, India and elsewhere. But the documents also showed that I-Soon was struggling financially and that it turned to ransomware attacks to bring in money when the Chinese government cut its funding. US officials say this points to a critical weakness in the Chinese system. Economic problems in China and rampant corruption there often mean that money intended for contractors is diverted before it reaches them. Strapped for cash, contractors have turned increasingly to illegal activity such as hacking for hire and ransomware, which has made them targets for retaliation and exposed other problems in the system. The US government and private cybersecurity firms have long tracked Chinese espionage and malware campaigns aimed at stealing information, which have become almost routine, experts say. Far more troubling, however, have been Chinese hacking efforts that threaten critical infrastructure.

The intrusions, attributed to a Chinese hacking group dubbed Volt Typhoon that has infiltrated critical infrastructure, set off alarms across the US government. Unlike the I-Soon hacks, these operations have avoided the use of malware and instead rely on stolen credentials to surreptitiously access critical networks. Intelligence officials believe the intrusions were intended to send a message: that at any moment China could cut off electricity and water supplies, or communications. Some of the operations have been discovered near US military bases that rely on civilian infrastructure, particularly bases that would be involved in any rapid response to an attack on Taiwan. But even as China put resources into the Volt Typhoon effort, its work on more routine malware campaigns has continued, and it has used its intelligence services and related contractors to expand its espionage activity. I-Soon is most directly tied to China's Ministry of Public Security, which has traditionally focused on domestic political threats rather than international espionage. But the documents also show that it has ties to the Ministry of State Security, which collects intelligence both inside and outside China. Jon Condra, a threat intelligence analyst at Recorded Future, a security firm, said I-Soon had also been linked to Chinese state-sponsored cyber threat activity.

"This represents the most significant leak of data linked to a company suspected of providing cyber espionage and targeted intrusion services to Chinese security services," Mr. Condra said. The leaked material indicates that I-Soon is likely a private contractor acting on behalf of Chinese intelligence services. The US effort to curb Chinese hacking goes back to the Obama administration, when Unit 61398 of the People's Liberation Army, the Chinese military, was found to be behind intrusions into a wide swath of US industry, seeking to steal secrets for Chinese competitors. To China's anger, PLA officers were indicted in the United States and their photos placed on Justice Department wanted posters. None have gone to trial. China was then caught in one of the most daring data thefts ever carried out against the US government: it stole more than 22 million security clearance files from the Office of Personnel Management. Its hackers went undetected for more than a year, and the information they gathered gave them a deep understanding of who worked where within the US government and what financial, health or relationship problems they faced. In the end, the CIA had to withdraw officers who were scheduled to be posted to China. The result was a 2015 agreement between President Xi Jinping and President Barack Obama aimed at curbing hacking, announced with fanfare in the White House Rose Garden. But within two years, China had begun developing a network of hacking contractors, a tactic that gave its security agencies a measure of deniability.

In an interview last year, Mr. Wray said China had grown its espionage resources so large that it no longer had to pick and choose its targets. "They will go after everything," he said.

