US global cyberattacks, espionage uncovered

Hackers from United States cyber forces and intelligence agencies disguise themselves like "chameleons "in cyberspace, posing as other countries to conduct global cyberattacks and espionage operations, while also pouring dirty water on non-US allies like China, according to an investigative report published on Monday.

The report, titled "Volt Typhoon III: A Cyber Espionage and Disinformation Campaign Conducted by US Government Agencies", said more evidence has shown that "Volt Typhoon", which US politicians, intelligence communities and companies have claimed is a China-sponsored hacking organization, was part of a false narrative, promoted by US intelligence agencies, that cyberattacks were being launched on critical infrastructure in the US.

The report is the third of its kind released by the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology.

According to the latest report, the US has long deployed cyberwar forces in areas surrounding "adversary countries" to conduct close-in reconnaissance and network penetration.

To satisfy those tactical needs, US intelligence agencies have developed a customized stealth toolkit code-named "Marble" to cover up their operations, mislead attribution analysis and blame other countries.

The "Marble" framework has the ability to insert strings in various languages, such as Chinese, Russian, Korean, Persian and Arabic, according to the report. The feature is clearly intended to mislead investigators and defame countries including China, Russia, the Democratic People's Republic of Korea and Iran, as well as Arab countries, it said.

In the two previous investigative reports on "Volt Typhoon", published on April 15 and July 8, the Chinese technical teams presented evidence that US government agencies orchestrated and hyped up the "Volt Typhoon" cyberthreat narrative to secure additional funding from the US Congress and to bolster the cyber infiltration capabilities of US intelligence agencies.

The narrative originated from a joint advisory by the cybersecurity authorities of the US and its "Five Eyes" allies — the United Kingdom, Australia, Canada and New Zealand. The advisory was based on information released by US tech company Microsoft, which failed to provide a detailed analytical process for source tracing of the cyberattacks from "Volt Typhoon", the two previous reports said.

In addition, according to the latest report, US intelligence agencies have established a global internet surveillance network that has generated a large amount of high-value intelligence.

The report also said that the US has long taken advantage of its well-developed information and communication technology industry to construct internet infrastructure to control internet "choke points".

Furthermore, it said, there are at least seven access sites for tapping underwater optical cables spanning the Atlantic and Pacific oceans. All the access sites are operated by the US National Security Agency, the Federal Bureau of Investigation and the National Cyber Security Centre of the United Kingdom.

According to the report, the NSA employs a "supply chain" attack method that uses advanced US information and communication technology and products against a variety of high-value targets of other countries that have high levels of protection and are challenging to penetrate in cyberspace.

With the cooperation of large internet enterprises or equipment suppliers in the US, the NSA is able to intercept US-made network products purchased by its targets. The products will then be unpacked and implanted with backdoor malware before being repackaged and shipped to the various targets, the report said.

The method is usually used in attack operations against other countries' telecommunication and network operators. When the NSA gains control of the targeted telecom network operator's system, it is able to monitor the target's cellphone communication content. In the attack against Northwestern Polytechnical University in Xi'an, Shaanxi province, the internet service provider located in China was compromised by the NSA with the "supply chain" attack method. As a result, the telephone calls and internet activities of the victims were tracked by the NSA in real time.

Such an extensive surveillance program requires a substantial annual budget, and with the explosive growth of internet data, the demand for funding is bound to rise, the report said, adding that this is one of the main reasons that the US government, in collaboration with its intelligence agencies, devised and promoted the "Volt Typhoon" operation.

Chinese Foreign Ministry spokeswoman Mao Ning said on Monday that the report has further exposed some "shocking" facts.

Those facts have made people see who is the biggest threat to global cybersecurity, Mao said. The US government has decided to turn a blind eye to reports on the issue while continuing to spread the false "Volt Typhoon" cyberthreat narrative, and the US should stop smearing China in the name of cybersecurity, she added.

cuijia@chinadaily.com.cn

?