Chinese hackers reach the Treasury Department

The timing of the Treasury hacking revelations could have significant geopolitical ramifications

When Britain’s chancellor of the exchequer Rachel Reeves visits Beijing this month on a mission to improve “economic and financial cooperation” she could well find her hosts surprisingly well informed about the global financial system and Donald Trump’s plans for it — thanks to China’s hyperactive and increasingly aggressive army of hackers.

The US Treasury on Monday revealed that it had become the victim of what it called a “major cybersecurity incident,” which it blamed on state-sponsored Chinese hackers who accessed workstations and viewed documents. The Treasury said the documents accessed were unclassified, that the infected workstations had been isolated and there was no evidence that the hacker was still inside the system. BeyondTrust, a software provider, spotted the hackers and said they gained access by stealing a security key. They did not say how many workstations were breached or precisely who they belonged to. Beijing angrily denied the accusations, which Mao Ning, a spokeswoman for the foreign ministry, described as “groundless.” China “has always opposed all forms of hacker attacks,” she insisted.

The Treasury hack caps a spate of increasingly aggressive cyberattacks blamed on China. These include the hacking of nine of America’s major telecommunications firms, enabling Beijing to gain access to private texts and phone conversations of prominent political and business leaders. These reportedly included president-elect Trump and his incoming Vice President J.D. Vance. The attack was blamed on a Chinese group dubbed Salt Typhoon (“Typhoon” being a moniker used to describe hackers sponsored by the Chinese government), and its extent and damage are still being assessed.

Earlier this year, the US and Britain accused Beijing of a decade-long hacking campaign that targeted politicians, journalists and businesses, as well as political dissidents and critics of China. They blamed China’s ministry of state security, its main spy agency, and imposed sanctions on a company which they said was a front for the ministry. In recent years, Beijing has invested heavily in a network of contractors as it has vastly expanded its cyber capabilities. Among recent British targets are the electoral commission, which had access to information on tens of millions of UK voters, and a company providing payroll services to the ministry of defense, which may have exposed the records of Britain’s armed forces, including bank details and names. Britain’s intelligence agencies have said that China is now their top priority, with Ken McCallum, the head of MI5, describing Beijing’s espionage as “a sustained campaign on a pretty epic scale.”

Perhaps most worrying of all are the activities of another Chinese group dubbed Volt Typhoon, which were exposed late last year. Unlike other hacks blamed on Beijing, which have been espionage driven, aimed at gathering information or stealing technology and know-how, Volt Typhoon was intent on sabotage. Western intelligence officials said it targeted critical infrastructure, including naval ports, internet service providers, communications services and utilities — the latter including water, aviation and energy, according to Jen Easterly, the director of the US Cybersecurity and Infrastructure Agency (CISA).

The group had apparently maintained access to systems for five years, pre-positioning destructive malware which could be activated for future acts of sabotage in times of conflict. CISA said that while the main target was US infrastructure, the infiltration was likely to have affected America’s “five eyes” allies — Canada, Australia, New Zealand and the UK. The Volt Typhoon revelations were particularly shocking to the intelligence community because it broke aggressive new ground for China, which had previously been renowned for its prolific campaigns of cyber theft. Experts have also noted that the techniques of the Chinese hackers, which used to be quite clunky and easier to detect, are becoming far more sophisticated. Chinese hackers are also becoming far more Russian in that they are looking increasingly at undermining their adversaries and not just stealing from them.

The timing of the Treasury Department hacking revelations could have significant geopolitical ramifications. They come just ahead of Donald Trump’s inauguration and the start of an administration which is heavy with those wanting a tougher line on China, who will see the hack as further evidence of Beijing’s malign intentions.

It also underlines the awkward timing of Reeves’s visit to Beijing, reportedly scheduled for the second week of January, during which she will discuss the re-opening of a Joint Economic and Trade Commission, set up in 1996 to promote trade and investment between the two countries, but suspended in 2020 after China imposed a national security law on Hong Kong. She will be accompanied by Andrew Bailey, the Bank of England governor, and Nikhil Rathi, chief executive of the Financial Conduct Authority. Cozying up to China sits awkwardly alongside a hardening of attitudes in Washington and Beijing’s growing cyber aggression.

Officials and business leaders visiting China these days are routinely advised to take burner phones and throwaway laptops, since no device can be deemed safe once it has been exposed to ubiquitous Chinese surveillance. Reeves will no doubt have received such briefings, which in itself speaks volumes about her government’s forlorn attempts to improve ties with an increasingly paranoid and hostile Beijing. She will no doubt want to keep her talking points to herself — assuming, that is, Beijing does not already have them.
