Leaked Files Reveal Foreign Hacker Threats

I-soon Headquarters | Image by Sichuan Anxun Information Technology Co., Ltd.

A trove of recently leaked files details some of the myriad ways China uses private hackers to gain access to sensitive information and calls into question U.S. readiness when it comes to cyberattacks by hostile foreign governments.

The files reveal that a Chinese private company, I-Soon, markets hacking tools to various Chinese entities, including the Ministry of State Security, the People’s Liberation Army, and China’s national police, according to reporting by The New York Times.

The data dump follows last year’s revelations that China may have infected U.S. infrastructure technology with malware that had the potential to disable telecommunications and disrupt water, power, and fuel systems. Microsoft first discovered the malware in its systems in Guam, an American territory in the Pacific Ocean home to a massive military base that is key to defending American allies in Asia, as reported by The Dallas Express.

As the investigation expanded, officials discovered the malware was also deployed outside the base in Guam. The Biden administration subsequently ramped up efforts to root out cyber espionage and malware attempts, which had already increased in 2019 and 2020.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam R. Hodge, acting spokesperson for the National Security Council, in response to a request for comment by The New York Times last year.

China is not the only foreign government the United States has accused of using cyberattacks to gain access to sensitive systems. In 2021, a private cybersecurity firm discovered malware that affected at least 250 government agencies and more than 30,000 public and private organizations. The malware was believed to have been planted by Russian operatives who allegedly exploited software from a Texas-based company called SolarWinds, according to TechTarget.

The investigation into the Russian attack is ongoing, and many companies are still unsure whether their systems were compromised, TechTarget claimed. It is believed that the attack began in 2019 and originated in the United States through the exploitation of privacy laws that prevent the NSA from accessing U.S. servers.

A ransomware attack in 2021 against Houston-based Colonial Pipeline shut down a critical system of gasoline and jet fuel delivery networks, leading to widespread fuel shortages along the East Coast. Colonial Pipeline was reportedly forced to pay $4.4 million to the Russia-based hacking group DarkSide, of which about half was ultimately recovered by the FBI.

The attack prompted the Biden administration to issue a series of executive orders aimed at enhancing cybersecurity. The most recent order was issued on February 21 of this year to address vulnerabilities at U.S. shipping ports through $20 billion in additional taxpayer spending on cybersecurity.

The revelations from the I-Soon data leak indicate that the United States and its allies face an ever-growing number of hacking attempts from various state and private actors that target everything from GPS data to flight records to financial statements.

Recent examples of successful attacks also indicate that the United States may be vulnerable to critical infrastructure hacks that, like the Colonial Pipeline attack, could disrupt life for everyday Americans or potentially slow down the ability of the U.S. military to respond quickly to attacks against allies.
