US-based IP addresses seized control of Chinese systems to target Russia, Belarus and Ukraine, China says
In 87 per cent of these attacks, the targets were Russian entities, according to Chinese officials
China says it has been the victim of ongoing cyberattacks since February, in which IP addresses from the United States were used to take control of Chinese computers in order to target entities in Russia, Belarus and Ukraine.
China's National Computer Network Emergency Response Technical Team/Coordination Center (CERT/CC), National Computer Network Emergency Response Technical Team (CERT) states on its website that foreign actors controlled Chinese computers through cyber attacks to launch further attacks on Russia, Belarus and Ukraine.
After analysis, China CERT found that the majority of attack addresses were from the United States, although there were also a few attacks from other countries, such as Germany and the Netherlands.
In 87 per cent of these attacks, the targets were Russian entities.
China's CERT says it identified more than ten attack addresses from New York State alone, with attack traffic reaching 36 Gbps at its peak.
The Register says it had conducted some WHOIS research and could determine that the IP addresses in question seem to be owned or maintained by carriers or colocation firms based in the United States.
According to the news website, it is possible that whoever was behind the attacks co-opted resources at those IP addresses.
Fang Xingdong, the founder of Beijing-based technology think tank ChinaLabs, told Chinese publication Global Times that the use of a third country's computers to execute cyberattacks is not uncommon and that China, with its large number of computers, may easily become a target of such assaults in search of zombie computers.
Cyberattacks have been a major source of contention between the US and China, with the former accusing the latter of conducting a worldwide cyberespionage operation.
However, China denies conducting cyberattacks and has labelled such assertions as "propaganda".
Last week, American cybersecurity firm Mandiant said that China-backed hacking group APT41 breached six US state government networks between May 2021 and February 2022 by exploiting security vulnerabilities in internet-facing web applications.
The vulnerabilities exploited by the group included a zero-day (CVE-2021-44207) in the animal health reporting database system USAHERDS as well as the infamous zero-day (CVE-2021-44228) in Log4j that was uncovered in December last year.
In 2020, the US Department of Justice (DoJ) indicted five Chinese individuals and members of the APT41 group for their alleged role in state-sponsored hacking campaigns targeting over 100 firms based in the US and other countries.
In December last year, Microsoft said it took control of 42 domains that were being operated by a Chinese-based cyber-espionage group (named Nickel) to carry out intelligence gathering in the US, as well as around the world.
Microsoft said the primary aim of the group is to compromise and gather confidential data from government agencies, diplomatic entities, human rights organisations and think tanks.
In July 2021, the UK's National Cyber Security Centre (NCSC) said that threat actors affiliated with the Chinese government were 'responsible for gaining access to computer networks around the world via Microsoft Exchange servers.'
Attackers targeted Microsoft Exchange Server email software last year, exploiting four security flaws to affect at least 30,000 organisations in the USA, alone.
In addition to the Exchange Server attacks, the UK government also attributed cyber activity that researchers have linked 'APT40' and 'APT31' to the Chinese Ministry of State Security.
The government said there is credible evidence to suggest that sustained and irresponsible cyber activity continues to emanate from China.