Assessment of Presumed Cyber-Intelligence Operations of the People’s Republic of China:
Overview of Procedures and International Impacts
Copyright (c) 2024 Lendvai Tünde
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
The research aims to provide an overview of the People’s Republic of China’s presumed cyber intelligence activities in the international context. It uses qualitative analysis of secondary sources and publicly attributed case studies from the past 5-7 years. Operations launched in the US after 2015, such as the Marriott, Equifax, and Anthem incidents, were driven by economic, technological, and political motives. The acquired data might be used for developing data-driven technologies (AI, ML) and IoT tools. US investigative agencies suspect a broader Chinese cyber intelligence campaign, which poses national security risks by combining the acquired databases with the sensitive information and personal data of federal employees obtained from the Office of Personnel Management (OPM data theft) until 2015.