CHINA’S vast army of hackers are waging a cyber war on the West to pave the way for a new world order, a top MP has warned.
In a stark warning, former Tory leader Iain Duncan Smith said: “This is a war and we are losing it.”
It comes as GCHQ revealed that China is the intelligence agency’s top priority as it “poses a genuine and increasing cyber-risk to the UK”.
Anne Keast-Butler, the agency’s director, accused Beijing of “working with others to try and reshape the world”.
UK government officials fear China stole names and bank details of Britain’s entire armed forces in an epic hack – and accused Beijing of hacking the Electoral Commission.
Some 270,000 people including regular troops, reservists and some veterans have been affected by the hack on the Ministry of Defence’s payroll system.
Read more on China & Taiwan
Defence officials refused to name the country or hackers behind the attack – but insiders suspect China.
Amid the crisis, Mr Duncan Smith said the suspected Chinese attack is just the tip of the iceberg – with Beijing waging a colossal cyber war on the West.
The 70-year-old warned China is “trying to break down the West” – and it’s just the beginning.
Speaking to The Sun, he said: “This is China – the second largest economy in the world, the second largest military. It plans to take over America.
“They are very significant players now. They want to make sure the world is run in their way of thinking.
“This is the just the beginning of what is essentially a war.
“It’s a cyber war at present, but who knows. If Russia wins in Ukraine, China will take Taiwan. The nature of China’s threat grows.
“If they can confuse us, make us unsure, disinform us, create division, then that plays well to their plans. China is working constantly to undermine us. This is the reality of what’s happening.
“It’s to get as much information as they can by hacking us, find out what we’re up to, and counter anything that we do and make sure we’re constantly fighting this rather than doing anything in return.”
He added: “If you push anyone inside the security services, they will tell you China is at war with us.
“They see us as a legitimate target and they want to go after us. And that’s what they are doing.
“It’s time to call China a threat. It’s time to take action, it’s time to invest more. This is a war and we are just losing it.
“The UK is worried about pushing China too hard. They think they have business interests in China which may be affected, so I think there’s a hesitancy.”
The PRC is looking to shape global technology standards in its own favour, seeking to assert its dominance within the next ten to fifteen years
Anne Keast-Butler
Echoing GCHQ’s warning, Mr Duncan Smith said China is building a “new axis of authoritarian states”.
And their “purpose is to break the hold that the free world has over key institutions and ability to function”, he claims.
“Those powers are China, North Korea, Russia and Iran,” Mr Duncan Smith said.
“[Xi] wants to see all countries adopting China’s form of strong, centralised unelected government.”
Addressing the CyberUK conference, GCHQ’s Keast-Butler said China poses “a significant risk to international norms and values through their coercive and destabilising actions”.
She said Beijing’s “irresponsible actions” were “weakening the security of the internet”, The Times reports.
“China has built an advanced set of cyber-capabilities and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal,” she said.
This is the just the beginning of what is essentially a war
Iain Duncan Smith
“China poses a genuine and increasing cyber-risk to the UK.
“The PRC is looking to shape global technology standards in its own favour, seeking to assert its dominance within the next ten to fifteen years.”
Speaking in March, Deputy Prime Minister Oliver Dowden also warned there was a “clear pattern of hostile activity from China”.
The Ministry of Defence cyberattack came less than two months after China’s “state-affiliated actors” were blamed by the government for two “malicious” cyberattack campaigns in the UK.
And this year, the US revealed that a Chinese hacking network known as Volt Typhoon had infiltrated the country’s critical infrastructure for as long as five years.
FBI director Christopher Wray described the group as “the defining threat of our generation”.
Cyber attacks against government departments, contractors and MPs
May 2024
Britain accused China of stealing the names and bank details of former and current members of the UK’s armed forces.
Some 270,000 people including regular troops, reservists and some veterans were affected by the hack.
Defence officials refused to name the country or hackers behind the attack but insiders suspected China.
The attack is thought to have been carried out on a payroll system which included current service personnel, some officials and some veterans.
March 2024
The UK and the United States accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
Britain publicly blamed China for targeting the Electoral Commission watchdog and for being behind a campaign of online “reconnaissance” aimed at the email accounts of MPs and peers.
The Electoral Commission attack was identified in October 2022, but the hackers had first been able to access the commission’s systems for more than a year, since August 2021.
December 2023
A Foreign Office minister told the Commons that private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service during “sustained” attempts to interfere in UK politics.
A cyber influence campaign by a group known as Star Blizzard, “almost certainly” a subordinate of an FSB cyber unit, had “selectively leaked and amplified information” since 2015.
July 2022
The British Army confirmed a “breach” of its Twitter and YouTube accounts. The channel featured videos on cyptocurrency and images of billionaire businessman Elon Musk.
The official Twitter account had retweeted a number of posts appearing to relate to NFTs (non-fungible tokens).
July 2021
The UK accused the Chinese government of being behind “systematic cyber sabotage” following a hacking attack which affected a quarter of a million servers around the world.
The attacks, which took place in early 2021, targeted Microsoft Exchange servers.
April 2021
Britain accused Russia’s foreign intelligence service of being behind a major cyber attack on the West.
The Foreign, Commonwealth and Development Office (FCDO) said the National Cyber Security Centre (NCSC) had assessed that it was “highly likely” the SVR was responsible for the so-called SolarWinds hack.
July 2020
Britain, the United States and Canada accused Russian spies of targeting scientists seeking to develop a coronavirus vaccine.
The three allies said hackers linked to Russian intelligence were seeking to steal the secrets of research bodies around the world, including in the UK.
EYEING UP TAIWAN
Beyond the West, experts have warned China is waging a relentless secret cyber war on Taiwan to pave the way for a full-scale invasion.
Beijing has long used Taiwan as a testing ground for its cyber warfare capabilities – but attacks have been increasing at an unprecedented rate.
According to Taiwanese parliament member Wang Ting-Yu, the island is hit by a whopping 20million cyber attacks every day – and Chinese hackers are responsible for the majority of them.
In a chilling warning in November, former Taiwan President Tsai Ing-wen said the island was “facing mounting military intimidation, grey-zone campaigns, cyber attacks and information manipulation”.
And analysts fear China’s escalating cyber warfare is setting the stage for an all-out invasion of Taiwan – which Beijing regards as part of its territory.
Kitsch Yen-Fan, the assistant director for the Global China Hub at the Atlantic Council, warned “we are already at war”.
“This is a constant thing,” he told 60 Minutes.
The number and types of attacks China wages against Taiwan are very different from what they deploy to other nations
James Turgal
“Fake news on social media is a way for [China] to pave the way for their eventual operation.
“They want to basically sway public opinions, demoralise the public, to make their eventual takeover that much easier, which is actually what the Russians were trying to do in Ukraine.”
China has vowed to take Taiwan by force if necessary – carrying out ever more regular invasion rehearsals.
Taiwan insists it is an independent nation after splitting from China in 1949.
Cyber attacks escalated dramatically before the Taiwanese elections in January.
Last year, 7-Eleven stores were hacked to display the message, “Get out of Taiwan”.
And data shows that attacks spiked ahead of Pelosi’s visit to the small island in the summer of 2022.
At a train station in the port city of Kaohsiung, digital signs were hacked to call Pelosi “an old witch”.
CYBER ATTACK SPIKE
Anne An, manager of threat intelligence analysis at Trellix, said China’s malicious activities “have demonstrated a higher level of stealth and sophistication in evading detection”.
An told The Sun: “China’s cyberattacks on Taiwan have grown in both frequency and sophistication in recent years.
“Throughout 2023, political tensions in the Taiwan Strait have also sparked periodic spikes in cyber threat activities targeting Taiwan.
“Throughout the course of the previous six months, Trellix telemetry has recorded an uptick in malicious activity targeting Taiwan by China-associated APT groups, ranging from eight detections per day to over 800 detections per day during the peak period.
“Based on our data, top attack tools leveraged against Taiwan include China Chopper and Cobalt Strike.
The number of groups in China that are performing hacking and trying to get into technology companies or get into cloud customers is huge
Kate Morgan
“Most recently in early 2024, Trellix observed another significant spike in cyber threat activity targeting Taiwan’s financial organisations, local police departments, and government offices ahead of its presidential election.
“These malicious activities have demonstrated a higher level of stealth and sophistication in evading detection, discovery, and establishing command and control.
“Over the past 12 months in the global context, Trellix has observed a drastic increase in threat activity from China-affiliated APT groups, rising from 8,000 daily detections in January 2023 to over 150,000 detections in January 2024.”
Cybersecurity experts at Google noted a “massive increase” in Chinese cyber attacks on Taiwan last year.
Kate Morgan, senior engineering manager in Google’s Threat Analysis Division, told Bloomberg that Google is tracking close to 100 hacking groups out of China.
Kate, who monitors government-sponsored hacking campaigns, said hackers are going “after everything” – including government, private companies and defence organisations.
“The number of groups in China that are performing hacking and trying to get into technology companies or get into cloud customers is huge,” she said.
China’s hacking gangs
WESTERN intelligence agencies have identified several Chinese hacking teams.
APT 41, also known as Wintti, Double Dragon and Amoeba: The US says the hacking team has conducted government-backed cyber intrusions and financially-motivated data breaches.
Volt Typhoon: Western intelligence agencies and Microsoft says the state-sponsored group spies on US infrastructure organisations, from telecommunications to transportation hubs.
Storm-0558: Microsoft says the Chinese-based actor misappropriated one of its digital keys and used a flaw in its code to steal emails.
APT 27: Western intelligence agencies and cybersecurity researchers say the Chinese hacking team is sponsored by the state and launched multiple attacks on Western and Taiwanese government agencies.
APT 31: In March 2024, the US charged seven hackers from APT 31 – allegedly tied to the Chinese government – with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The US says APT 31 spent 14 years targeting US and foreign critics, businesses, and political officials.
According to Cloudflare, cyber attacks designed to overwhelm and crash networks in Taiwan reached new levels last year, spiking 3,370 per cent — a more than thirty fold increase since the previous year.
A Fortinet study said Taiwan faced up to 15,000 cyber attacks every second in the first half of 2023 – an increase of 80 per cent compared to the same period in 2022.
“The number and types of attacks China wages against Taiwan are very different from what they deploy to other nations,” James Turgal, former FBI Executive Assistant Director of Information and Technology, told Politico.
Turgal called it an “embarrassment campaign”, where China infiltrates systems to post degrading statements that make Taipei look bad.
“You basically manipulate and take over the website and put up anti-Taiwan statements on government sites that are forward-facing — which is a type of attack you don’t see against US interests,” he said.
“You saw a lot of those just before Russia entered Ukraine.”
Roy Chun Lee, Taiwan’s deputy minister of foreign affairs, told Politico: “Every day there are attempts to find loopholes and backdoors in our system.”