Malicious cyber operations conducted by Chinese government hackers pose a significant threat to American national security, according to a report by three U.S. security agencies.

The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and allied cyberspace assets,” the report says.

The report is the first time the security agencies directly called out Chinese cyber operations and listed at least 50 different technical methods used by Beijing’s cyber spies in stealing information from both government and private sector computer networks.

“Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational and critical infrastructure personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property and personally identifiable information,” the report said.

The report was released this week as part of a major Biden administration program to expose and denounce what it said were Chinese hacking and data theft.

According to the NSA, CISA — a part of the Homeland Security Department — and the FBI, the main targets of the cyberattacks include service providers, semiconductor companies, defense contractors, universities and medical institutions. The cyber operations support Chinese military and economic development.

The report details what security analysts call “TTPs” — tactics, techniques and procedures — used by Chinese hackers.

The technical report was produced to help computer administrators and others in protecting networks from Chinese attacks. The U.S. agencies identified what they called increasingly sophisticated state-backed cyber operations targeting political, economic, military, educational and critical infrastructures, such as electric and communication grids.

Chinese state hacker operations are conducted by the Ministry of State Security civilian spy service and People’s Liberation Army intelligence agencies. Analysts note that the two agencies in recent years have cooperated closely in targeting and collecting civilian and military information for the ruling Chinese Communist Party.

“These actors take effort to mask their activities by using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools,” the report said.

A second trend is the exploitation of operating systems and other software vulnerabilities.

“Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure,” the report said. “In many cases, these cyber actors seek to exploit vulnerabilities in major applications, such as Pulse Secure, Apache, F5 Big-IP and Microsoft products.”

China’s most-used software vulnerability is in unpatched Microsoft Object Linking and Embedding technology that allows hackers to use documents to send malware. Another favored method of Chinese hackers is the use of encrypted proxies to evade detection by cybersecurity tools.

“Chinese state-sponsored cyber actors have been routinely observed using a VPS as an encrypted proxy,” the report said. “The cyber actors use the VPS as well as small office and home office devices as operational nodes to evade detection.”

Critics see Biden defense budget shortfalls

The Biden administration’s proposed defense budget for fiscal 2022 falls short of meeting needed military support for the challenge posed by Communist China, said Roger Zakheim, director of the Ronald Reagan Institute.

“The Biden administration’s fiscal 2022 budget request falls seriously short of what is required to support the [2018] National Defense Strategy,” Mr. Zakheim, a former Pentagon official and congressional defense staffer, told the House Armed Services Committee this week. “The $715 billion request represents a real cut as it fails to keep pace with inflation.”

Mr. Zakheim called for a 3% to 5% annual increase in defense spending to confront threats posed by China and other adversaries, reflecting the past policy approach of President Reagan dubbed “peace through strength.” Those increases would amount to between $37 billion and $52 billion above the current funding request.

The flat defense budget sought by the administration “risks our ability to compete with China and meet our other national security obligations,” he said.

Mr. Zakheim noted that Congress is spending $3 trillion in response to the pandemic and is proposing additional trillions of dollars in future spending, but so far has not directed additional funds to the military. Mr. Zakheim said the Pentagon needs to stay “radically focused” on countering the Chinese military’s drive to become a world-class military by 2049.

China spends less on the military than the United States, but a recent Heritage Foundation study concluded that system differences allow the People’s Liberation Army to buy the equivalent of 87% of what the Pentagon budget can purchase.

PLA arms procurement, including around 14 warships a year and new aircraft carriers, will eclipse the U.S. military’s arms buying by 2024.

“If this occurs, then by 2030 the United States will no longer boast the world’s most advanced fighting force in total inventory value,” Mr. Zakheim said.

“The peace President Reagan spoke of was not a campaign slogan to advocate for more defense dollars but a desired end state in which American interests, economic prosperity and freedom were secured by the strength of a well-funded military capable of outcompeting those who might do us harm,” he said. “In short, we must resource a strong military because it is the best way to prevent war and sustain a peace on our terms.”

President Biden’s interim national security guidance set the stage for defense budget cuts and reduced military capabilities, he noted. The guidance called for shifting away from unneeded “legacy” weapons systems to free up funds for new high-technology arms and would cut $2.8 billion in weapons cuts with no replacements.

The budget request calls for $112 billion in research and development, a 5.1% boost from last year, and will seek the development of future capabilities in microelectronics, artificial intelligence and 5G communications applications for the military.

Trading current capabilities for future ones creates risks in the near term, as the Navy decommissions seven cruisers and cuts some F-18 jets, while the Air Force will cut many of its F-15 and F-16 fighters, Mr. Zakheim said.

“In my view, that’s a risk we should be unwilling to accept, especially given that we are in the midst of a heightened competition with China that is consistently and persistently placing demands on our force in every military domain,” he said.

Another problem for the current budget involves the administration’s plan to spend defense dollars on climate change and global pandemics.

Adding an additional $35 billion to $50 billion to defense “would allow the military to focus on the Indo-Pacific while also sustaining our security commitments in Europe and the Middle East,” Mr. Zakheim said.

With Democrats in charge of both the House and Senate and progressives pushing for defense spending cuts, analysts say major funding increases for defense are unlikely.

At the same hearing, Mandy Smithberger, director of the Center for Defense Information, called for cutting the current defense spending request.

China preps for ‘intelligent warfare’

Inside the Ring has obtained a Chinese military report from 2018 outlining how the People’s Liberation Army is moving to develop high-technology “intelligent warfare” capabilities.

The article published in the PLA Daily, the official military newspaper, describes such new warfighting core concepts as “intelligence supremacy, ubiquitous AppCloud, multi-domain integration, brain-machine fusion, intelligent autonomy and unmanned combat.”

Intelligence supremacy would use artificial intelligence for operational command, equipment and tactics to confront the enemy’s perceptions, understanding and reasoning and “damaging or interfering with the cognition of the enemy based on the speed and quality of the cognitive confrontation,” the report said.

AppCloud warfare will use the networked “Internet of Things” and powerful AI-directed computing power to direct multi-domain warfare capabilities. PLA future warfighting also will utilize the best aspects of the human brain combined with the speed of high-technology machines.

Intelligent weaponry will conduct reconnaissance, maneuver, strike, protection and other operational missions autonomously and learn with rapid input of information. And unmanned combat combines all the previous concepts to produce the battle mode for intelligent warfare.

Contact Bill Gertz on Twitter at @BillGertz.

Sign up for Daily Newsletters



Please enter your comment!
Please enter your name here