search("latest cyber threats from China", recency_days=30)

tool_error

Error when executing command `click(0)`
Failed to fetch page w/ URL: https://www.fdd.org/analysis/2023/11/06/defense-department-report-highlights-cyb... (URL truncated at 80 chars)
Timeout fetching url https://www.fdd.org/analysis/2023/11/06/defense-department-report-highlights-cyber-threat-from-china/
ChatGPT, before attempting another click, look carefully at the currently visible information. Is there enough information on the page or in the search results to answer the user now? If so, go ahead and do that.

Error when executing command `click(2)`
Failed to fetch page w/ URL: https://www.realcleardefense.com/2023/11/07/dod_report_highlights_the_increasing... (URL truncated at 80 chars)
Error fetching url https://www.realcleardefense.com/2023/11/07/dod_report_highlights_the_increasing_cyber_threats_from_china_991108.html
ChatGPT, before attempting another click, look carefully at the currently visible information. Is there enough information on the page or in the search results to answer the user now? If so, go ahead and do that.

China, Ukraine, and Israel in the cyberwar spotlight as tensions rise | CSO Online (www.csoonline.com)


With active kinetic wars in two major global arenas and fears that China is stealthily infiltrating critical infrastructure for future cyber disruption, experts at this year’s Cyberwarcon painted a picture of the growing harm that malicious cyber tools can wreak. 

[Image 0: major cyber attack global international cybersecurity] 

【52†Credit: ioat/Shutterstock†www.shutterstock.com】 

As military conflicts cause devastating real-world harm in the physical realm, the governments of Ukraine and Israel are battling escalating cyber harms from nation-state and non-state threat actors. Against this backdrop, the US government is increasingly alarmed about 【53†China and its capabilities】 of slipping into active cyberwarfare mode.

At this year’s 【54†Cyberwarcon†www.cyberwarcon.com】, top government and industry experts gathered to examine the complex, multi-theater arenas in which known and emerging cyberattacks and digital threats are arising amid unpredictable wartime conflicts. Emerging from these talks are signs of Russian cyber aggression growing more destructive, a still-fluid landscape of disinformation and digital disruption in the Middle East, and the prospect that the ongoing and hard-to-spot infiltration of US critical infrastructure by Chinese hackers could be laying the groundwork for dangerous actions ahead.

## China’s capacity for destructive threats looms large

Although China is best known for using its vast cyber skills to engage in intellectual property theft and espionage, it’s not comforting that a Chinese law passed in 2021 forces tech companies operating in the country to report the discovery of hackable flaws to a National Vulnerability Database within 48 hours of their discovery before a patch is available. The new law comes with a host of restrictions on what security researchers can say about the flaws they discover, likely leading to a secret stockpile of zero-day flaws that can be shared with China’s Ministry of State Security, which oversees the country’s state-sponsored hacking operations.

Speaking at Cyberwarcon, Dakota Cary, a nonresident fellow at the Atlantic Council’s Global China Hub, and Kristin Del Rosso, public sector field CTO for Sophos, walked through 【55†their research†www.atlanticcouncil.org】 on the functioning and implications of the new flaw. “I think a few people are starting to understand the severity of this,” Del Rosso said.

This zero-day stockpiling has led to “an uptick in the amount of Chinese use of zero-day vulnerabilities to get into US critical infrastructure,” Morgan M. Adamski, director of NSA’s Cybersecurity Collaboration Center, said at the event. In urging the industry to collaborate with her agency on China, Adamski warned that “the PRC has significant resources. The US government has come out and said that their resources outnumber the US and all of our allies combined.”

China’s ability to evade detection and attribution is a critical factor in why the US government has stepped up its efforts to educate the industry about the cyber dangers China poses. “One of the main concerns that we have is that the PRC continues to use US domesticated infrastructure to hide their activities and evade detection by government and industry,” Adamski said. “They’re using a large number of covert infrastructure and networks to gain access into US critical infrastructure.”

China’s penetration of US critical infrastructure is a long-term proposition. It is, Adamski said, “prepositioning with the intent to quietly burrow into critical networks for the long haul.”

One technique China, specifically the threat group known as Volt Typhoon, is using to burrow into US networks is living off-the-land or using existing, ordinary products that threat actors use to evade detection better, Josh Zaritsky, the chief operations officer of the NSA’s Cybersecurity Collaboration Center, said. “They want to maintain deniability that they did anything, even if they do get caught. So, by leveraging the things already in the environment, there’s not as much to go on with this actor.”

Regarding Volt Typhoon, “We have not seen signs of computer attacks,” Mark Parsons, principal threat intelligence analyst at Microsoft’s Threat Intelligence Center, said. “We know that’s always the impression. We have not seen signs of that so far, but it’s something we’re obviously looking out for. We have observed [Volt Typhoon] spending a lot of time wanting to maintain persistence inside networks. They’re doing lots of things to try to maintain that persistence, and they are in it for the long haul.”

China, Ukraine, and Israel in the cyberwar spotlight as tensions rise | CSO Online

search("China cyber threat 2023 analysis")

China Cyber Threat Overview and Advisories | CISA (www.cisa.gov)


quote_lines(162, 162)
quote_lines(166, 166)
quote_lines(170, 170)

The Office of the Director of National Intelligence’s 2023 Annual Threat Assessment makes clear the cyber threat posed by the People’s Republic of China (PRC): “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the U.S. homeland. . . China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems."

China Cyber Threat Overview and Advisories | CISA

  * Review the Joint Cybersecurity Advisory on 【65†People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection】. This Advisory focuses on a tactic called Living off the land, or LOTL, a set of techniques used by cyber actors to maintain anonymity within IT infrastructures by abusing tools already present in the environment such as PowerShell, Windows Management Instrumentation (WMI), and file transfer protocol (FTP) clients. By using such native tools, this fileless attack makes it easier for cyber actors to sustain and advance attacks and evade detection from security teams. LOTL has been growing in use over the years by state-sponsored threat actors, cyber criminals, and penetration testing teams. In particular, CISA recommends that every organization take the following steps to reduce the risk of adversaries using LOTL techniques: 

  * Prioritize mitigation of 【66†Known Exploited Vulnerabilities】, including those outlined in our joint advisory on the 【67†top Common Vulnerabilities and Exposures (CVEs)】 used since 2020 by PRC cyber actors. 

search("China cyber threat analysis 2023")

China, North Korea pursue new targets while honing cyber capabilities   - Microsoft On the Issues (blogs.microsoft.com)


quote_lines(178, 178)
quote_lines(182, 182)
quote_lines(186, 186)
quote_lines(188, 188)
quote_lines(190, 190)
quote_lines(194, 194)

In the past year, China has honed a new capability to automatically generate images it can use for influence operations meant to mimic U.S. voters across the political spectrum and create controversy along racial, economic, and ideological lines. This new capability is powered by artificial intelligence that attempts to create high-quality content that could go viral across social networks in the U.S. and other democracies. These images are most likely created by something called diffusion-powered image generators that use AI to not only create compelling images but also learn to improve them over time.

China, North Korea pursue new targets while honing cyber capabilities   - Microsoft On the Issues

We have observed China-affiliated actors leveraging AI-generated visual media in a broad campaign that largely focuses on politically divisive topics, such as gun violence, and denigrating U.S. political figures and symbols. This technology produces more eye-catching content than the awkward digital drawings and stock photo collages used in previous campaigns. We can expect China to continue to hone this technology over time, though it remains to be seen how and when it will deploy it at scale.

In its cyber operations, multiple Chinese state-affiliated threat actors have focused cyberattacks in the South China Sea region, conducting intelligence collection and malware execution against regional governments and industries. Other actors have targeted the U.S. defense industry and U.S. infrastructure, looking for competitive advantages to bolster strategic military aims.

Beginning in May 2023, 【133†Storm-0558, a China-based threat actor, accessed Microsoft customer email accounts†www.microsoft.com】 of approximately 25 organizations including U.S. and European government entities. Microsoft assesses this activity was likely conducted for espionage purposes and has successfully blocked this campaign.

The report also details how China has continued its global efforts to spread state-sponsored propaganda and soften the country’s image abroad. The Chinese government is investing resources in messaging to audiences in more languages, on more platforms, while evolving its techniques. For example, we know China employs more than 230 state media employees and affiliates who masquerade as independent social media influencers across all major Western social media platforms.

While China-based threat groups continue to develop and utilize impressive cyber capabilities and IO operations, we have not observed China to combine cyber and influence together – unlike 【134†Iran】 and 【135†Russia,】 which regularly engage in hack-and-leak campaigns.

China's Evolving Cyber Threat

An automated cyber threat intelligence expert configured and trained by Bob Gourley. Pls provide feedback. Find Bob on X at @bobgourley