CCP Infiltration

ANDERS CORR is a principal at Corr Analytics Inc., publisher of the Journal of Political Risk. He is an expert in political science and government.

China Hacks America Again

Millions vulnerable, including states using agricultural software

China is hacking into state governments in the United States, stealing sensitive data, and propagandizing the world with disinformation that favors Russia’s invasion of Ukraine.

The regime most recently hit at the heart of America, in part by using an obscure livestock app called USAHERDS. Cowboys everywhere should strap on their chaps, saddle up, and get ready to rumble.

The most recent hacks could have targeted any state government in the United States, e.g., Texas, Nebraska, California, or Alaska. Few know which states were breached, as Mandiant, the company that discovered the breaches, kept mum. Google is about to purchase the firm for $5.4 billion.

We do know that the hackers left digital fingerprints that have APT41 written all over them. APT41 is China’s regime-backed hacking group, made infamous when the U.S. Justice Department indicted five of its members in 2020.

APT41 hacks for the Chinese Communist Party (CCP), but also for criminal profit, across the United States, Europe, and Asia. France, Britain, Australia, and Chile are all targets. APT41 conducts cyberespionage, ransomware, and the theft of virtual currency. They insert code surreptitiously into automatic updates to software you may already have on your computer.

Most recently, the hackers used vulnerabilities in normal programs that professionals use, including not only USAHERDS, used by 18 U.S. states, but Log4J, loaded on millions of computers worldwide that run online services.

“It’s very unnerving to see this group everywhere,” Mandiant analyst Rufus Brown told Wired Magazine. “APT41 is going after any external-facing web application that can give them access to a network. Just very persistent, very continuous targeting.”

Naive users who didn’t take quick action after a Dec. 10 warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) likely got hijacked. The warning probably alerted some of the CCP’s hacker army as well.

Within hours, they used the vulnerability for their own malign purposes, including “credential harvesting,” which steals passwords, and “backdoor code” implantations that provide hackers with ongoing access to victims.

While much of the world focuses on Russia’s increased cyberthreats because of the invasion of Ukraine, the latest APT41 hack should remind us that the bigger long-term danger emanates from Beijing.

The CCP buys its way into computers as well, most recently by purchasing 21 Facebook ads in Azerbaijan, Hong Kong, Kazakhstan, Tajikistan, Turkmenistan, Uzbekistan, and likely, many other countries. These ads repeat Russian propaganda about the Ukraine war, including anti-NATO messaging.

Another CCP campaign augments Russian conspiracy theories about “dangerous” U.S. biolabs in Ukraine. This propaganda could be part of a false flag operation to blame the United States for any future use, by Russia, of biological weapons.

On March 9, the U.S. State Department denied the allegations.

“The United States does not own or operate any chemical or biological laboratories in Ukraine, it is in full compliance with its obligations under the Chemical Weapons Convention and Biological Weapons Convention, and it does not develop or possess such weapons anywhere. It is Russia that has active chemical and biological weapons programs and is in violation” of the two conventions.

The U.S. public needs more transparency about not only the threat from Russia, which is increasingly serious, but from China as well. The U.S. State Department should denounce not only Russia, but China for its Ukraine-related propaganda against the United States.

Google also should be more transparent, fully disclosing to the public the states that APT41 breached to put them on public notice: Improve cybersecurity or get voted out of office.

The Chinese regime’s global hacking and propaganda campaigns make clear that its organizations are criminal actors coordinating with other rogue states against democracy. Their links to Russia, Iran, and North Korea—all of which use hacking and propaganda as tools of dictatorship—show that we need better protections of American and allied businesses and local governments.

We should more effectively exclude these countries’ hackers from the global internet.

The U.S. Justice Department’s indictment of the five APT41 hackers in 2020 was in absentia, meaning that none of them were around to actually be convicted and serve time. Clearly, such symbolic slaps on the wrist are ineffective.

It’s time for the spirit of the American cowboy to bring out bigger guns: economic sanctions against the entire Chinese economy, only to be removed when the regime stops its hacking of America’s information privacy and ends its dangerous propagandizing once and for all.
