The new GCHQ director has warned China’s irresponsible actions in cyberspace could weaken the safety of the internet for all.
China poses a genuine and increasing cyber risk to the UK, said Anne Keast-Butler, Director at GCHQ, the UK’s leading intelligence agency, during her speech at CyberUK 2024 in Birmingham.
She noted that the UK wishes to work with China on mutually beneficial acts, like tackling climate change, engaging in safe trade and AI safety. However, while Russia and Iran pose immediate threats, Keast-Butler said China is the ‘epoch-defining’ challenge.
“Through their coercive and destabilizing actions, the PRC poses a significant risk to international norms and values,” she said. “In cyberspace, we believe that the PRC’s irresponsible actions weaken the security of the internet for all.”
Felicity Oswald, CEO of the NCSC, also noted that the US, UK and allies have raised the alarm repeatedly about activity by the Volt Typhoon group, which could be laying the groundwork for disruptive or destructive cyber-attacks.
Volt Typhoon is a hacking group associated with the Chinese government that has been found to have compromised devices like obsolete routers in order to carry out cyber espionage.
According to a recent advisory published by US Cybersecurity and Infrastructure Security Agency (CISA), Volt Typhoon has successfully compromised organizations across various sectors, including communications, energy, transportation systems and water and wastewater systems.
CISA confirmed Volt Typhoon has been actively infiltrating networks of US critical infrastructure organizations. No such confirmation has been made by UK government agencies.
White House Issues Warning on China’s Cyber Capabilities
Also speaking during the CyberUK event, Harry Coker, National Cyber Director at the White House, said that the People’s Republic of China (PRC) hackers are working on circumventing defenses, and are “targeting our interests at an unprecedented scale.”
“The PRC People’s Liberation Army has invested tremendous resources in building up their cyber program, and they are doing this for one reason: to hold civilian critical infrastructure at risk in a time of competition,” he added.
The threat from China is particularly pertinent in a crisis or conflict scenario. During such time China could use their pre-positioned cyber capabilities to wreak havoc in civilian infrastructure and deter US military action,” Coker noted.
Coker added that the threat from China is a global problem.
Developments in China’s Cyber Tradecraft
Specific developments in China’s cyber tradecraft include living off the land techniques where the threat actors use of existing tools and tactics on targeted systems or networks to carry out a cyber-attack.
While there was previous focus on IP theft, for example, Chinese threat actors are now prepositioning themselves within the network.
Chinese threat actors are also targeting existing vulnerabilities, including n-days and zero days.
Some have commented that this change in tradecraft is the result of failed attempts using previous techniques, essentially getting caught has forced threat actors to change course.