The United States and its foreign allies on Monday accused China of overseeing widespread attempts to extort money in cyberspace. US security agencies have issued a new advisory about a major threat to the cyberspace assets of the United States and its allies from Chinese state-sponsored cyber activities, including through ransomware attacks.
In a coordinated announcement, a Joint Cybersecurity Advisory (CSA) issued on Monday states that state-backed cyber actors aggressively target political, economic, military, educational, and critical infrastructure (CI) to steal sensitive data, emerging key technologies, intellectual property, and personally identifiable information (PII).
An unprecedented group of US allies and partners, including the EU, the UK, Australia, Canada, New Zealand, Japan, and NATO, have joined in exposing and criticising China’s Ministry of State Security’s malicious cyber activities. This is the first time NATO has condemned China’s cyber activities.
The joint advisory exposes how some cyber actors target sectors that include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China’s long-term economic and military development objectives, the advisory said. The advisory, titled "Chinese State-Sponsored Cyber Operations: Observed TTPs", provides information on nearly 50 tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors when targeting US and allied networks.
The new advisory builds on previous National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) reporting to inform all government and private industry organizations about persistent methods through collaborative analysis. Some of the notable malicious threats identified by US security agencies include the acquisition of infrastructure and capabilities; exploitation of public vulnerabilities; and use of “encrypted multi-hop proxies”. In a concerning development, state-backed Chinese cyber actors have been assessed to perform reconnaissance on the widely used Microsoft® 365 (M365), with the intent of gaining further information about the networks.