Friday, April 19, 2024

Chinese hacking groups target US and other countries, experts say

Chinese hacking groups have been accused of launching cyberattacks against various organisations and institutions around the world, including the US government, critical infrastructure, media and telecoms. Cybersecurity experts say that many of these groups are backed by China’s government, which has denied any involvement in state-sponsored hacking.

According to Reuters, one of the Chinese hacking groups, nicknamed Storm-0558 by Microsoft, has secretly accessed email accounts at around 25 organisations since May 2023. These include the accounts of US Commerce Secretary Gina Raimondo and two senior US diplomats dealing with China, Nicholas Burns and Daniel Kritenbrink. Microsoft said that the group misappropriated one of its digital keys and exploited a flaw in its code to steal emails.

Another Chinese hacking group, dubbed Volt Typhoon by Western intelligence agencies and Microsoft, has been spying on a range of US critical infrastructure organisations, from telecommunications to transportation hubs. The agencies and Microsoft described the attacks in 2023 as one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure. China’s foreign ministry rejected the claims.

A Reuters report in May 2023 identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said they were not aware of such hacking and described the accusations as baseless. Palo Alto Networks, a US cybersecurity firm, said its research showed BackdoorDiplomacy had links to the Chinese state and was part of the APT15 hacking group.

Chinese hacking team APT 41, which is also known as Winnti, Double Dragon and Amoeba, has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to US-based cybersecurity firms FireEye and Mandiant. The US Secret Service said the team had stolen US COVID-19 relief benefits worth tens of millions of dollars between 2020 and 2022. Taiwan-based cybersecurity firm TeamT5 said the group had targeted government, telecoms and media victims in Japan, Taiwan, South Korea, the United States and Hong Kong.

China’s authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. Beijing has called the US “the empire of hacking” and accused the US National Security Agency (NSA) of using a backdoor, dubbed Bvp47, to monitor 45 countries.

The US and its allies have repeatedly condemned China’s cyber activities and imposed sanctions and indictments on some of its alleged hackers. The US has also accused China of being behind the massive SolarWinds hack that compromised thousands of organisations in 2020.

The tensions between the two countries over cybersecurity issues have added to their already strained relations over trade, human rights, Taiwan and other matters.
