It is clear that China has stepped up its cyber espionage capabilities, but what is its aim?

It is no surprise that China’s cyberwarfare is becoming increasingly alarming to the West. While the US and the UK have been aware of China’s cyber capabilities for some time now, 2021 has shown that the level of hacking coming out of China is a more severe threat to the West than it ever was before.

The accusations of state-sponsored hacking from China have been rising over the past few years, most notably in the exploitation of vulnerabilities in Microsoft’s Exchange server software in March 2021. It affected hundreds of thousands of organisations worldwide, allowing hackers to siphon off company emails for espionage purposes, with the help of an easy-to-use “web shell” tool. The tool allows anybody with the right password to hack into a compromised Exchange server.

The US, UK, EU and NATO accused the Chinese Communist Party (CCP) of being behind this offensive and even blamed the Ministry of State Security (MSS) for directing the activity.

It is clear that China has stepped up and greatly improved its cyber capabilities. But what is the aim of China’s cyber espionage operations? Well, it is the same goal as traditional espionage – information. With this, China can use information gathered from the cyber sphere to assist in its foreign goals and its domestic ones, such as national security and social stability. Both of these are essential to China’s domestic objectives.

But recently, US officials have accused China of becoming more flagrant in their cyber operations. They have been targeting trade secrets and stealing technologies from various countries and companies.

Chinese hackers have targeted secrets from industries including aviation, defence, education, government, healthcare, biopharmaceutical and maritime.

China’s recent escalation of their cyber capabilities is likely a reaction to the US’s dominance in that sector. China is more and more dependent on information networks in all aspects, including in defence.

Three espionage pillars

While some of the details are unconfirmed, it is understood that China organises its cyber espionage operations into three sectors.

The first is the “Specialised Military Network Warfare Forces”, focusing on network attack and defence, and the second is made up of government employees from the Ministry of State Security (MSS) and the Ministry of Public Security (MPS), who focus on control of information.

The last are “non-governmental forces”. These are civilian hackers and hacker groups that spontaneously engage in network attack and defence. This last band is contracted by the CCP to carry out cyber-attacks on behalf of the Chinese government, an arrangement that still gives the government plausible deniability.

It could be argued that China has a fourth branch of their cyber operations – North Korea. With only 1% of the population having access to the internet, it is a wonder that North Korea has produced some of the world’s most proficient hackers.

North Korea’s cyber capacity relies on China’s support in terms of both hardware and software. It is also alleged that telecommunications giant, China Unicom, provides and maintains all Internet links with the North, and some estimate that thousands of North Korean hackers operate on Chinese soil.

Cyber-attacks conducted by North Korea are unusual as the state is the only nation in the world whose government is known to conduct cyber-attacks for monetary gain.

The Reconnaissance General Bureau (RGB), a unit which is a part of military intelligence, is trained specifically for this purpose. UN experts stated that North Korea generated an estimated $2 billion for its weapons programs by using “increasingly sophisticated” cyber-attacks to steal from financial institutions, including in the Bangladesh bank heist of 2016.

What is the threat?

The West rightly should be concerned by these developments. China’s improvement in their cyber capabilities greatly benefits the CCP’s foreign and domestic objectives.

Strong Chinese cyber operations open new avenues for them to go down. Stealing trade secrets and gathering information is one thing, but maybe China will take a leaf out of Putin’s playbook and start interfering in Western elections.

Seeing as China already uses North Korean hackers, we could see a coalition of Russian and Chinese state-sponsored hackers working together to undermine the West.

Whilst China is focused on a long-term strategy for cyber power, the West, in particular the US, UK and Australia, is not just lying in wait. Various organisations have been established to combat cyber espionage and attacks, such as the Cybersecurity and Infrastructure Security Agency (CISA), whose objective is to defend against cyber-attacks. The UK government also set up the National Cyber Security Centre (NCSC) to help combat cybercrimes.

However, organisations should not just rely on government alone to combat cybercrime.

Cyber security should be a top priority for every organisation regardless of size. Through law enforcement and intelligence capabilities, governments see potential threats from a national security perspective rather than a commercial one.

On the other hand, organisations have insights into commercial risks, but they struggle with state-sponsored attacks because they have a limited view of nation-wide risks.

All told, there is a need for proactive collaboration between the government and domestic organisations to combat cybercrimes. Merging their resources, including sharing intelligence from both perspectives, aligning cyber awareness with market needs and sharpening skills to scale up defence, will reduce the incessant attacks from state-sponsored attackers.

The author of this opinion piece works for KCS Group Europe, a corporate intelligence consultancy company offering key proactive measures for cyber security support.

Mary Nwaojei is head of cyber and information security, CEH, CISA, KCS Information Services.