Washington accuses Beijing of cyber intrusion, China denounces a “disinformation campaign”

Things continue to heat up between Washington and Beijing. In a joint advisory, cybersecurity authorities in the United States, Canada, the United Kingdom, Australia and New Zealand warned on Thursday of a malicious “group of activities” associated with “a cyber actor sponsored by the state of the People’s Republic of China, also known as the Volt Typhoon”. “This activity affects the networks of critical infrastructure sectors of the United States” and the entity carrying out the attack “could apply the same techniques (…) around the world”, they added.

Beijing denial

Beijing rejected the charges on Thursday. “This is a report that has serious flaws and is extremely unprofessional,” Mao Ning, a spokeswoman for the Chinese Ministry of Foreign Affairs, reacted during a regular press conference. “It is clear that this is a collective disinformation campaign by the countries of the Five Eyes coalition, launched by the United States for geopolitical purposes,” she continued.

“As everyone knows, the Five Eyes Alliance is the world’s largest intelligence organization and the (US) National Security Agency (NSA) is the world’s largest hacking organization,” Mao Ning said. “The fact that they are teaming up to publish such a disinformation report is in itself ironic.”

The “Five Eyes” alliance is a collaborative intelligence network that includes Australia, the United States, Canada, the United Kingdom and New Zealand, most of which have differences with China, to varying degrees.

A camouflage tactic

According to the Western security agencies concerned, the attacks notably use the so-called “Living off the land” (LotL) tactic, in which the attacker uses the features and tools of the system being targeted to break in without leaving traces.

“It’s what I would call low and slow cyber activity,” says Alastair McGibbon, chief strategy officer of Australian firm CyberCX and former director of Australia’s Cybersecurity Centre. “It’s like someone wearing a camouflage jacket and a sniper rifle. We do not see it, it is not there.” Once inside, intruders can steal information, the expert continues. “But it also gives them the opportunity to carry out destructive actions at a later stage.”

In particular, the attacker can use legitimate administrative tools to penetrate the system and insert harmful scripts or code. This type of intrusion is much more effective than those using malware, which are more easily detectable.
