Australia hit by 'sophisticated' cyber attacks, Indian firms may be on list: A look at why China could be the prime suspect
Australian prime minister Scott Morrison has revealed that his country has come under increasing attacks from a 'sophisticated State-based' actor, amid a back and forth with China after Australia advocated a probe into the origins of the coronavirus. Meanwhile, there are reports of information websites, telecom firms and financial payment systems in India being targeted after a stand-off at Ladakh with the People's Liberation Army (PLA). The finger could, rather reasonably, be pointed at Beijing in both cases, despite the fact that neither country has named names.
Indeed, ABC Television said government sources had confirmed that the attacker was China, and Australian Strategic Policy Institute executive director Peter Jennings told The Australian it was "very clear" Beijing was behind the cyber attack. This comes as China has, in recent weeks, banned beef exports from Australia's largest abattoirs, ended trade in Australian barley with a tariff wall and warned its citizens against visiting Australia. These measures are widely interpreted as punishment for Australia's advocacy of an independent probe into the origins and spread of the coronavirus pandemic.
Meanwhile, companies and media firms in India — which is taking stock after 20 Indian Army personnel, including a colonel-rank officer, lost their lives in the violent face-off with Chinese troops in the Galwan valley area of Ladakh on 15 June, with Prime Minister Narendra Modi set to chair an all-party meet at 5 pm — may be on the hit list of hackers who want to teach it "a lesson" over the border stand-off.
While Foreign Policy magazine put the number of hackers in China between 50,000 and 100,000 soldiers way back in 2010, the developments would surprise hardly anyone who has been paying attention to the recent rapid strides China has made in cyber space.
'PLA rapidly modernising'
In 2019, the United States Department of Defence (DOD), in its annual report to Congress, also warned that the People's Liberation Army (PLA) was "rapidly modernising" and highlighted its growing ability to exploit cyber space to offset its rivals' traditional advantages. The 2019 Worldwide Threats Assessment put together by Dan Coats, the former Director of National Intelligence, found that China “presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems.”
The PLA has consistently advocated cyber warfare to achieve a range of operational objectives, such as targeting an adversary’s command, control, and communications (C3) and logistics networks to hamper its ability to generate combat power during the early stages of an armed conflict, as per the DOD report.
Its cyber warfare capabilities can also be used to collect intelligence or to serve as a force-multiplier when coupled with conventional kinetic attacks, the report further stated.
“PLA researchers believe that building strong cyber capabilities are necessary to protect Chinese networks and advocate seizing ‘cyber space superiority’ by using offensive cyber operations to deter or degrade an adversary’s ability to conduct military operations against China,” the DoD noted.
“Chinese writings suggest cyber operations allow [the PLA] to manage the escalation of a conflict because cyber-attacks are a low-cost deterrent,” it further added, noting that this enables China to scale these attacks to achieve desired conditions with minimal strategic cost.
Gulf War opens Beijing's eyes
Indeed, the history of China using cyber attacks (allegedly) to keep its rivals off balance dates back at least two decades, with the academic discussion of cyber warfare going back to the mid-1990s and having its origins in a US military campaign.
As per Carnegie Endowment for International Peace, it was the US military's application of high technologies during the Gulf War — and subsequent operations in Kosovo, Afghanistan, and Iraq — that made Beijing aware there was no way to adequately defend itself without following the changes in the forms of war in which high technologies, mainly information technologies, play more critical roles.
The first time the Chinese military publicly addressed cyber warfare from a holistic point of view was in the 2013 version of “The Science of Military Strategy”, a study by the Academy of Military Science, which emphasised that cyber space has become a new and essential domain of military struggle in today’s world, as per the report.
Beijing struck a similar tone in the 2015 Ministry of National Defense paper entitled “China’s Military Strategy,” which addressed cyber security for the first time in an official military document and defined cyberspace as a “new pillar of economic and social development, and a new domain of national security.”
A history of recent cyber violence
In May, a cyber security firm claimed to have uncovered a years-long online Chinese espionage operation targeting governments across the Asia-Pacific, including (surprise surprise) Australia. The Chinese group Naikon, which has been off the radar of experts for the past few years, used documents emailed to government targets in Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei to access government networks, search for confidential documents, steal data, take screenshots, and install key loggers to gather passwords.
While the firm did not state that Naikon was linked to the Chinese government, a 2015 report by a Washington-based security firm called ThreatConnect claimed it was a unit of the Chinese People’s Liberation Army (PLA).
In May, US officials said China-linked hackers were breaking into American organisations carrying out research into COVID-19, warning both scientists and public health officials to be on the lookout for cyber theft.
In a joint statement, the Federal Bureau of Investigation and the Department of Homeland Security said the FBI was investigating digital break-ins at US organizations by China-linked “cyber actors” that it had monitored “attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”
In March, cyber security group FireEye released research showing that the prolific Chinese group APT41 had recently stepped up its attacks on health care, pharmaceutical and other sectors. The group, which FireEye previously assessed with “high confidence” is State-sponsored, was found to have widely targeted companies in almost two dozen countries between January and March 2020.
“APT41 launched one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years,” as per experts from the cyber security group.
In February, the US charged four Chinese military hackers in the 2017 breach of the Equifax credit reporting agency that affected nearly 150 million American citizens. The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data. The hackers routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location.
The State-sponsored hacking group APT10, believed to act for the country's Ministry of State Security, was reported to be the most likely culprit behind a cyber campaign in July 2019 targeting US utility companies.
APT10 also hit the headlines in June 2019, when it was reported that the systems of at least ten cellular carriers around the world had been compromised, ostensibly by the group, to steal metadata related to specific users linked to China.
Also in June 2019, Reuters reported how hackers working for China’s ministry of state security broke into the networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients. Reuters initially identified two companies, Hewlett Packard Enterprise and IBM, and later found that at least six other technology service providers were compromised: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology.
Reuters has also identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, US Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.
With input from agencies