Corporate cybersecurity is an increasingly important responsibility for American business leaders in a heightened hostile cyber environment, especially due to Chinese cyberattacks. Cyberattacks on large companies and governments are increasingly dominating front page headlines and leading to the loss of significant amounts of sensitive information. Possibly the largest single theft of personal information in recorded history occurred in July 2022 when unknown hackers broke into the poorly secured database of the Shanghai Police Department. The attack, now known as the “Shanghai Data Breach,” saw the loss of 23 terabytes of sensitive information on over one billion Chinese and foreign nationals. This attack highlighted not only the lax security of the Shanghai Police Department, but also the enormous trove of information collected on individuals passing through one of China’s most populous cities. The Chinese Communist Party (CCP) has engaged in a vast and concerted effort for over a decade to collect information within China’s borders and steal valuable data abroad to advance its foreign policy objectives.
Chinese cyberattacks against US companies were first detected in the summer of 2009, when engineers at Google began to detect suspicious activity they believed to be emanating from the Elderwood group, a Chinese cyber espionage organization with ties to the People’s Liberation Army. This campaign, codenamed Operation Aurora, was a sophisticated, multifaceted cyberattack that targeted Google, Adobe, and Morgan Stanley, among other US-based companies. The attackers stole intellectual property from numerous companies and obtained the personal information of Chinese dissidents from hacked Gmail accounts. The attack amounted to the opening salvo in what are today commonplace cyberattacks on US private industry by the CCP.
The US government agency tasked with monitoring Chinese cyber activity is the Cybersecurity and Infrastructure Security Agency (CISA), and for the better part of a decade it has been warning of the omnipresent cyber threat posed by Chinese cyber actors. While cyberattacks originating in China were once a rare occurrence, they are increasing in frequency and effectiveness. Virtually no sector is immune from Chinese incursion. CISA has identified attacks on healthcare, financial services, the defense industrial base, energy, government facilities, chemical, critical manufacturing, aerospace, communications, education, video gaming, faith organizations, and law firms. These attacks aim to penetrate organizations through vulnerable entry points to steal proprietary information for Chinese businesses, collect sensitive information for Chinese intelligence services, and disrupt American businesses. To combat this offensive, CISA has sounded the alarm for the private sector to prepare with proactive corporate cybersecurity measures.
Attacks from Chinese hackers are frequent and occur all over the world:
- Belgium’s Foreign Ministry stated in July 2022 that China had engaged in a cyber-espionage campaign targeting Belgium’s Ministries of Defense and Interior.
- The FBI, NSA, and CISA announced in June 2022 that Chinese state-sponsored hackers have targeted and breached major telecommunications companies and network services providers in the US since at least 2020.
Chinese cyberattacks have come in many forms, and knowing the signs of each can help to better protect your organization. A few examples of attack methodologies are:
- Phishing is one of the most widespread forms of cyberattack, and it is likely the one with which you are most familiar. These incursions often involve an attacker impersonating a trusted contact through email or text messages with malicious links. Once a victim opens these links, the attacker can gain access to confidential information and credentials.
- Malware is another one of the most common forms of cyberattack. Malware attacks involve malicious software such as spyware, ransomware, worms, and trojans that breach networks through vulnerable access points to steal confidential data. These malicious programs can be contained in email links, downloads, or infected pen drives.
- Denial-of-Service is a significant threat to US business computer systems. In this form of attack, bad actors target systems and servers by flooding them with traffic in order to overload bandwidth and take down websites. These attacks can lead to significant financial losses and reputational damage for companies.
In the current threat environment, it is critical for organizations to routinely assess their corporate cybersecurity posture to determine possible weak points. Basic precautions, strong corporate IT policies, and awareness training for employees can go a long way in reducing the risk of an attack. However, organizations that hold large amounts of sensitive information need to protect themselves with far more sophisticated defenses, such as programs to detect suspicious activity and active tests of vulnerable computer systems. Being prepared for all situations will ensure businesses don’t fall victim to the aforementioned schemes. The threat of cyberattack is an inevitable byproduct of our modern economy, but with the right preparation and defenses your company can be prepared to meet these growing cyber challenges.