China has been pushing claims around Western hacking and espionage for more than two years now, but they lack crucial technical evidence, a new report by SentinelLabs says.
SentinelLabs, a cybersecurity threat intelligence platform, said that China’s offensive media strategy to push narratives around US hacking operations was launched after the United States, the United Kingdom, and the European Union jointly stated in July 2021 that China was behaving irresponsibly in cyberspace.
However, China hasn’t been able to validate its allegations. Until 2023, its claims simply recycled old, leaked US intelligence documents, but later, Beijing “dropped the pretense of technical validation and only released allegations in state media,” says the report.
Now, “some PRC cybersecurity companies coordinate report publication with government agencies and state media to amplify their impact,” SentinelLabs researchers say in the report.
China’s methods are contrasting to those used by cybersecurity agencies or companies in Western countries. When the latter ones attribute espionage activities to China or China-linked threat groups, they support their claims with technical details and evidence-based claims.
But “claims of espionage and cyber intrusion attributed to western nation-state agencies emanating out of China's Ministry of State Security and Chinese cybersecurity firms are notably lacking in the same kind of technical detail or evidential proof,” SentinelLabs said.
In fact, researchers say, China’s most prominent actors in the cybersecurity industry never independently established attribution of hacking inside China to any US-affiliated APTs (advanced persistent threats) – nor did the analysis of US-nexus hacking extend beyond tools and exploits.
Repeating China’s allegations helps the PRC shape global public opinion of the US. China wants to see the world recognize the US as the empire of hacking,"SentinelLabs.
China is certainly trying to portray itself as a country under constant attack from the nefarious West. But it’s mostly propaganda – it might be working for firewalled local audiences, but it’s certainly not effective in the international arena, SentinelLabs said.
Global Times, a Communist party mouthpiece, mentioned the US National Security Agency in connection to hacking tools or operations 24 times in 2022, for example. However, the reports did not draw from any new technical analysis by Chinese companies and, again, recycled old content.
Shaping global public opinion
Only in 2023 did China do something it hadn’t done before, researchers say: “It spread new allegations of US hacking apparently unrelated to past US intelligence leaks and entirely unsubstantiated.”
For example, in a series of publications by Global Times, the CEO of Chinese antivirus vendor Antiy claimed the US had hacked into seismic sensors of the Wuhan Earthquake Monitoring Center, but his statements are based on reports that do not appear to exist.
Just last week, Antiy also said that thousands of cyberattacks against China were allegedly detected in 2023, with their IP addresses being traced to the Philippines.
An information and communications ministry official from the Philippines earlier accused China of being behind a hacking operation targeting the Philippine government website and email systems, so it would seem Beijing deemed it necessary to release its own accusations – again, with no supporting technical evidence.
Ironically, SentinelLabs said that the fact that no detailed accounts of supposed attacks that analysts have come to expect from cybersecurity companies are published is beneficial to China.
“Accepting this asymmetry in data sharing benefits China, allowing the country to publish claims of foreign hacking without the requisite information. If analysts do not actively challenge the Chinese Communist Party’s claims, the government can lie with impunity,” said SentinelLabs.
“Repeating China’s allegations helps the PRC shape global public opinion of the US. China wants to see the world recognize the US as the empire of hacking.”
More from Cybernews:
Subscribe to our newsletter