Pierluigi Paganini
October 22, 2023
The head of MI5, Ken McCallum, warns that Chinese spies targeted more than 20,000 people in the UK.
During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told BBC that the Chinese cyber espionage reached an epic scale.
Chinese cyber espionage aims at obtaining commercial secrets and intellectual property to advantage the government of Beijing.
“We have seen a sustained campaign on a pretty epic scale,” Mr McCallum told the BBC. “If you’re working today at the cutting edge of technology then geopolitics is interested in you, even if you’re not interested in geopolitics.”
Commercial businesses in the technology sector of any size, especially small companies and start-ups and researchers, are more exposed to Chinese espionage.
The British intelligence agency MI5 is also trying to warn tens of thousands of UK companies who are potentially exposed to cyberespionage attacks.
“These technologies are at a historic moment where they are beginning to change our world in some pretty fundamental ways,” Mr McCallum told the BBC, referring the interest of cyber spies into emerging technologies such as AI. “And we know that authoritarian states are laser-focused on the opportunities that these technologies may present for them.”
Threat actors are using LinkedIn as an attack vector to establish first contact with the targets.
Over the past year, British intelligence has observed over 20 cases involving Chinese firms contemplating or actively attempting to access sensitive technology developed by UK entities. The espionage activity used different means to conceal the involvement of the Chinese government, including financial investments. The BBC reported the case of an acquisition of a sensitive UK tech company involved in UK military supply chains.
“That has included at least two Chinese companies seeking to avoid the scrutiny required under law to access sensitive technology of UK companies undetected.” reported BBC. “Another Chinese company is believed to have acquired stolen research data from a top UK university. And there are thought to be attempts to bypass and undermine the management and regulatory controls at another two top institutions in order to access and influence cutting-edge research.”
Recently, US and Japanese intelligence, law enforcement and cybersecurity agencies warned of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware to access multinational companies’ networks.
BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan.
The group targeted organizations in multiple sectors, including defense, government, electronics, telecommunication, technology, media, telecommunication industries.
At the end of August, Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan.
The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware. The group relies on tools built into the operating system, along with some legitimate software. Microsoft has not observe
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Chinese cyber espionage)
