US Treasury Hack: Are China and the US Stepping Up Their Cyber ​​War? | Cybercrime news

The US Treasury Department on Monday hit China for breaching its network and accessing information that included unclassified documents.

Beijing has denied the allegation, calling it “baseless”.

The alleged hacking comes weeks after Beijing accused Washington of carrying out two cyberattacks on Chinese technology companies.

With the trade blame of Washington and Beijing, we evaluate the history of the cyber war between the two largest economies in the world and whether it is intensifying.

Who hacked the US Treasury Department?

The US Treasury Department accused Chinese state-owned hackers of breaking into its system this month and accessing employee workstations and unclassified documents.

The department said the hackers gained access by breaking a security key used by third-party cybersecurity provider BeyondTrust, which provides remote technical support to Treasury employees.

The Treasury Department published these details on Monday in a letter to the US Congress. The attack was caused by “an Advanced Persistent Threat (APT) actor based in China,” the letter said.

The department, however, did not specify the number of compromised workstations, the nature of the files, the exact time of the hack and the level of confidentiality of the compromised workstations.

On December 8, the Treasury was alerted to a hack by BeyondTrust. The BBC reported that BeyondTrust first suspected the unusual activity on December 2, but it took three days to determine that it had been hacked.

How did the US Treasury Department respond?

The department said there is no evidence the hackers still have access to the department’s information and that the compromised BeyondTrust has been offline.

It assesses the impact of the hack with the assistance of the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The hack is being investigated as a “major cybersecurity incident.”

The department’s letter to Congress added that additional information about the attack will be sent to US lawmakers within 30 days.

“Over the past four years, the Treasury has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors,” said a spokesperson for the department in a separate statement.

How did China respond?

China has denied the department’s accusations, and its Foreign Ministry said Beijing condemns all forms of hacking attacks.

“We have stated our position many times regarding such baseless accusations that lack evidence,” ministry spokesman Mao Ning was quoted as saying by the AFP news agency.

A spokesman for the Chinese embassy in the United States, Liu Pengyu, denied the department’s allegations. “We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said, according to a BBC report.

“The US needs to stop using cyber security to disparage and slander China and stop spreading all kinds of disinformation about so-called Chinese hacker threats.”

Are the US and China Stepping Up Cyber ​​Attacks Against Each Other?

While the United States has blamed China for cyberattacks over the years, Beijing has also accused Washington of hacking its critical cyber infrastructure in recent years.

Here is a brief timeline of recent cyber attacks claimed by the two nations:

December 18thThe China National Computer Network Emergency Response Technical Team/China Coordination Center (CNCERT/CC) released a statement saying that two US cyberattacks since May 2023 attempted to “steal trade secrets” from Chinese technology companies.

December 5thUS National Security Adviser Anne Neuberger said a Chinese hacker group called Salt typhoon had obtained communications from senior US government officials, but the classified information was not compromised.

A month ago, on the 13th of Novemberthe FBI and CISA said they had discovered a wide cyber espionage campaign carried out by China-linked hackers.

The US said the hackers compromised “the private communications of a limited number of individuals”. While it did not specify who those individuals were, they were “primarily involved in government or political activity,” the FBI and CISA said.

Weeks before the US elections in Novemberthe FBI launched an investigation following reports that Chinese hackers targeted the president-elect’s cell phones Donald Trump and Vice President-he JD Vance as well as people associated with Kamala Harris, the Democratic presidential candidate in the race.

In July 2023US tech giant Microsoft said the China-based hacking group Storm-0558 breached the email accounts of around 25 organizations and government agencies. The compromised accounts included those belonging to US State Department staff.

In MarchThe United States and the United Kingdom accused China of conducting a sweeping cyberespionage campaign that allegedly hit millions of people, including lawmakers, journalists and defense contractors. Both countries imposed sanctions on a Chinese company after the incident. A month earlier, US authorities said they had dismantled a Chinese-sponsored hacking network called Volt Typhoon.

In response, China called the accusations “completely fabricated and malicious slander.”

In March 2022China has said it has experienced a series of cyberattacks that have mostly targeted US addresses. Some have also been traced in the Netherlands and Germany, according to CNCERT/CC.

Why are cyberattacks launched?

State-backed actors are regularly accused of launching cyberattacks against adversaries ranging from state institutions to politicians and activists. They aim to gain unauthorized access to confidential data and trade secrets or disrupt the economy and critical infrastructure.

“The United States and China have had a history of using cyber defense to further their national security goals,” Rebecca Liao, CEO of tech startup Saga, told Al Jazeera.

“While spying against state actors is an accepted practice, the United States has protested China’s rampant cyberattacks against U.S. business entities,” said Liao, who was a member of President Joe Biden’s 2020 presidential campaign, consulting on China, technology and economic policy in Asia.

“Obviously it is not diplomatically prudent to build a history of resorting to espionage. That is why Beijing has been so quick to deny all the allegations.”

With the development of digital technology, cyberattacks are on the rise worldwide, according to the German Institute for International Affairs and Security (SWP). Data from the SWP shows that cyber attacks have increased from 107 in 2014 to 723 in 2023.

Cyberattacks are also carried out by individuals or organized groups who want to steal data and money.

How can countries protect themselves from cyber attacks?

The United States and China “should make a treaty on the responsible use of cyberspace,” wrote researchers Asimiyu Olayinka Adenuga and Temitope Emmanuel Abiodun from the Department of Political Science at Tai Solarin University in Nigeria in an article published this year.

They cited the example of the treaties signed between the United States and the Soviet Union as a result of the Strategic Arms Limitation Talks, SALT I and SALT II, ​​in 1972 and 1979. The two superpowers of the Cold War signed treaties to establish US-Soviet stability by limiting their production of nuclear weapons.

In his article, Tai Solarin researchers added that there is a need for more technological development, especially in quantum computing, which will make it more difficult to carry out cyberattacks.

Victor Atkins, a fellow at the Indo-Pacific Security Initiative at the US Atlantic Council think tank, wrote in a February article that the US “should launch a new multilateral coalition of sharing cyber threat intelligence in the Indo-Pacific” to combat cyberattacks from China.

“A decade ago, there were some suggestions to convince an international body around cyber security to come up with standards or codes of conduct that participating nations would respect,” said Liao, the technology expert.

“However, none of these efforts have borne fruit, and it is up to each individual country to protect itself against cyberattacks.”

Governments are currently working on developing cyber security infrastructure such as firewalls to protect themselves from cyber attacks such as hacking.

An article published by the University of Miami added that countries employ other practices to counter cyber threats. These include testing these cyberthreats in a simulated environment. “Cyber ​​teams are constantly undergoing training exercises, similar to the military,” the article said.