With Claims of US Cybersecurity at ‘Kindergarten Level’ vs China, What Threats Do We Currently Face?
With America currently engaged in a persistent cyberwar, the Cybersecurity and Infrastructure Security Agency (CISA) issued a new alert on Thursday regarding the ongoing cyber threats to US water and wastewater systems. The alert served as just another reminder of the dangers facing America’s critical infrastructure.
While the past several years have seen attacks on the United States from North Korea, Russia, Iran, and others, China in particular is thought to pose the gravest threat. We have been aware since at least 2015 that the NSA had already documented over 600 instances of “corporate, private or government 'Victims of Chinese Cyber Espionage' that were attacked over a five-year period, with clusters in America's industrial centers," according to media reports.
But disturbingly, amid these reports of new attacks comes the revelation that a Pentagon official who was involved in identifying secure software for the Department of Defense (DOD) resigned from his position because, in his opinion, US “AI capabilities and cyber defenses of some government departments were at kindergarten level.”
Nicolas Chaillan, who worked for the US Air Force at the Pentagon, told the Financial Times this week that "We have no competing fighting chance against China in fifteen to twenty years. Right now, it's already a done deal; it is already over in my opinion."
These claims lead us to ask more serious questions, including, “What are the most prolific threats we currently face from China?” Chinese Advanced Persistent Threat (APT) groups, of which there are several, pose the greatest danger to the United States. They have already been involved in attacks that have touched virtually every segment of the American economy and the industries that drive it. Here are some that you ought to be familiar with:
APT 1: APT1, also known as Comment Crew, is an advanced persistent threat group linked to the Chinese military. The hackers, who were active from roughly 2006 to 2018, targeted over 140 US companies seeking corporate and intellectual property data in Operation Seasalt. The group hides its command-and-control communication inside HTML comments on web pages and usually relied on spear-phishing campaigns using emails that carry documents with names tailored to the target, such as “ArmyPlansConferenceOnNewGCVSolicitation.pdf” or “Chinese Oil Executive Learning From Experience.doc.”
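The comment-hiding technique attributed to APT1 above can be checked for on the defensive side. The following is an added example, not code from the article or from any vendor: it scans captured HTTP response bodies for HTML comments that carry a base64 blob decoding to readable text, which is one signal that a page is being used as a covert tasking channel. The sample responses and the tasking string are constructed for the demonstration.

```python
import base64
import re
from typing import Dict, List, Optional

# Constructed sample HTTP response bodies (not real APT1 traffic): one
# benign page and one whose HTML comment carries a base64-encoded tasking
# string, standing in for the comment-hidden C2 channel described above.
SAMPLE_RESPONSES: Dict[str, str] = {
    "benign.html": "<html><!-- main navigation --><body>Hello</body></html>",
    "suspect.html": (
        "<html><body><!-- "
        + base64.b64encode(b"cmd: collect documents from share").decode()
        + " --></body></html>"
    ),
}

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Base64 alphabet, at least 20 characters, optional padding.
B64_TOKEN_RE = re.compile(r"^[A-Za-z0-9+/]{20,}={0,2}$")


def decode_if_base64(token: str) -> Optional[bytes]:
    """Return decoded bytes if token is well-formed base64 yielding mostly printable text."""
    if not B64_TOKEN_RE.match(token) or len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    printable = sum(32 <= b < 127 for b in raw)
    return raw if printable >= 0.9 * len(raw) else None


def suspicious_comments(body: str) -> List[Dict[str, str]]:
    """Flag HTML comments that hide a base64 payload; one finding per comment."""
    findings = []
    for match in COMMENT_RE.finditer(body):
        comment = match.group(1).strip()
        token = "".join(comment.split())  # tolerate whitespace inserted inside the blob
        decoded = decode_if_base64(token)
        if decoded is not None:
            findings.append({"comment": comment, "decoded": decoded.decode("ascii", "replace")})
    return findings


def scan_responses(responses: Dict[str, str]) -> Dict[str, List[Dict[str, str]]]:
    """Run the comment check over captured response bodies, keeping only hits."""
    hits = {name: suspicious_comments(body) for name, body in responses.items()}
    return {name: found for name, found in hits.items() if found}


if __name__ == "__main__":
    for name, findings in scan_responses(SAMPLE_RESPONSES).items():
        for finding in findings:
            print(f"{name}: hidden payload decodes to {finding['decoded']!r}")
```

The check is a heuristic: long alphanumeric tokens in legitimate comments can trigger it, so treat hits as leads for proxy-log review rather than verdicts.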
APT 31: APT31, also known as Zirconium, also specializes in intellectual property theft, with a focus on the data and projects that make its victims competitive in their field. According to reports, APT31 conducts operations at the behest of the Chinese government. It targets upstream providers, including law firms and managed service providers, to facilitate additional attacks against high-profile assets. In addition to spear-phishing attacks, APT31 leverages URL “web bugs” and scheduled tasks to automate credential harvesting.
APT 40: APT40, also known as Hafnium, was responsible for the Microsoft Exchange hacks as well as other major ransomware campaigns. Before this March, when Microsoft released an Exchange patch, "tens of thousands of computers and networks worldwide" had been exploited, according to the White House. The White House also cited the fact that the European Union, the United Kingdom and NATO likewise asserted that the Chinese government was backing Hafnium.
APT 41: APT41, also known as Double Dragon, Barium, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie and Blackfly, is known for its duality: its operators alternate between espionage supported by the Chinese state and their own financially motivated activities in their downtime. Among the group's notable heists was its attack on TeamViewer, the popular software that allows computers to be controlled remotely, which was hacked in June of 2016.
As we study America’s adversaries, it becomes obvious that the US cannot afford to lag behind China, Russia or any other cyber combatant, as the stakes only get higher in the ongoing, underreported cyber world war. This week’s optics and the aura of weakness and ineptitude in US cyber capabilities will only subject America to additional attacks, so at the very least, a renewed commitment to funding American cyber programs is vital.
Julio is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. Julio’s writing focuses on cybersecurity and politics. Websites including Newsmax, Townhall, American Thinker and BizPacReview have published Julio’s work.