The Chinese government has responded to what it dismissed as “groundless speculations” after it was accused of masterminding a spate of hacking attacks that reportedly attempted to infiltrate networks linked to the US defense sector.
"Given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, it is important to have enough evidence when investigating and identifying cyber-related incidents," Chinese Foreign Ministry spokesperson Wang Wenbin told reporters at a regular press conference on 21 April.
When asked by an AFP journalist about earlier claims put forward by a US-based cyber security firm that at least two groups of Chinese hackers had been operating on behalf of the Chinese government, Wang directed attention toward Washington's own efforts on that score.
"As a matter of fact, the US is the biggest empire of hacking and tapping, as we all know. China firmly rejects any organisation or country throwing mud at China under the pretext of cybersecurity or using the issues to serve their political purposes," stated the spokesperson.
The response from China followed accusations levelled at Beijing by a California-based cybersecurity firm, FireEye.
Its incident response division, Mandiant, had published a report on 20 April claiming two hacking groups, possibly unrelated to each other, including one allegedly with ties to China, had exploited popular enterprise software between August 2020 until March 2021 to infiltrate defence, financial and public sector organisations in the US and Europe.
One of the alleged hacking groups was identified by the firm as using techniques ‘similar’ to a Chinese state-backed espionage group.
“We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post.
Without specifically offering any evidence tying the incident to China, FireEye claimed that attackers were exploiting both old vulnerabilities and one new one — in virtual private networking software created by Pulse Secure. The widely used remote connectivity tool is resorted to by firms and governments to manage data on their networks.
Mandiant Senior Vice President and CTO Charles Carmakal added:
“We suspect these intrusions align with data and intelligence collection objectives by China.”
According to Mandiant analysts, there exist at least 12 different families of malicious software connected to the exploitation of Pulse Secure VPN software.
While a permanent fix for the vulnerability is not anticipated to be available until May, Ivanti, the Utah-based IT company that owns Pulse Secure, has since recommended mitigating measures.
We identified 3 #zeroday vulnerabilities with Managed Defence in SonicWall’s Email Security (ES) product. The vulns were being exploited in the wild to obtain admin access and code execution on a SonicWall ES device.
— Mandiant (@Mandiant) April 20, 2021
Learn more in our blog post: https://t.co/sWKLNiIyx0 pic.twitter.com/xlr7wLmLMY
“A very limited number” of Ivanti customers are affected by the new flaw, Ivanti Chief Security Officer Phil Richards was cited as saying, suggesting that customers implement a security tool to check for any possible impact from the vulnerability.
Hackers associated with the China’s Ministry of State Security had been also blamed last year when Pulse Secure VPN was ostensibly exploited to infiltrate US government and private networks.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday that “US government agencies” and “critical infrastructure entities” had been breached in a hack attack.
“The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence,” said CISA.
In recent years, Washington has accused Beijing of engaging in a concerted effort to infiltrate public and private institutions abroad.
China has consistently readdressed the spying accusations to Washington, emphasising continued American global surveillance efforts and citing the NSA’s PRISM program.
“It is the United States that has been conducting massive cyber theft all over the world, even on its allies, since PRISM came out. It is a real empire of hacking and theft. The world can see through the US trick of smearing others and beautifying itself,” said the spokesperson at a press conference in December 2020.