Chinese hackers have increased attacks on global telecoms companies in the past year, suggesting an escalation in Beijing’s cyber espionage operations as the US pushes allies to block Huawei from future 5G networks.
According to a new report from CrowdStrike, the California-based cyber security company that first attributed the 2016 hack on the US Democratic National Committee to Russia, 2018 saw an overall increase in Chinese cyber attacks, especially against US targets.
The company said the increase was explained by growing tensions over trade between Washington and Beijing but added that the specific targeting of telecoms companies worldwide pointed to a wider surge in spying by Chinese state-backed cyber warriors.
Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, said Chinese cyber espionage was now back to the same levels seen prior to a US-China agreement to limit economic spying signed by the two countries in 2015.
“In terms of volume, China is by far the most active [in 2018],” said Mr Alperovitch. “They are fully back and engaging in economic espionage across numerous industries of strategic interest to China.”
According to CrowdStrike, in addition to China, Russia, North Korea and Iran were leaders in hostile state cyber activity in 2018.
The US has been lobbying other western partners and fellow members of the Five Eyes intelligence alliance to prevent their telecoms companies from involving Huawei in the roll-out of fifth generation networks because of the risks posed by Chinese snooping and cyber disruption.
Although Australia and New Zealand have responded by blocking or banning the Shenzhen company, the FT reported on Sunday that the UK’s National Cyber Security Centre was confident it could mitigate the risks posed by Huawei to 5G.
Other European countries have also offered a mixed response, underlining the delicate balancing act governments face in weighing cyber security, public demands for super fast communications and trade opportunities with China.
Telecoms companies and their employees are frequent targets of “spear phishing” attempts, where an employee is enticed into opening an email or downloading a document that can allow a hacker access to internal information. Government and corporate contracts operated by telecoms companies could contain useful information or hackers could be attempting to gain access to passwords.
CrowdStrike’s annual threat report said Chinese hackers used a range of approaches to target telecoms groups, including spear phishing but also attacking supply chains.
The risk from internet service suppliers exploited by malware was highlighted last year when the UK and the US attributed a series of attacks on IT companies to the Chinese state-backed hacking group APT 10, also known as Red Apollo or Stone Panda.
“The use of telecom-related lures is almost certainly socially engineered to take advantage of the reliance on communications technology and the high degree of trust placed in the operators of the networks that support businesses and government organisations,” the CrowdStrike report said.
