The Wuhan Earthquake Monitoring Center (WEMC), a crucial geological data gathering institution in China, recently faced a cyberattack orchestrated by an unidentified overseas entity. Zhou Hongyi, co-founder of 360 Security Technology, in a revealing interview with Global Times, provided insights into the intent of these cyber infiltrations. The motives, he noted, centered around the acquisition of highly sensitive geological data. The steps taken by various Chinese entities in counteracting such national-level cyberattacks are laudable and highlight their resilience.
As the realm of cybersecurity continues to evolve, experts are warning about a new threat landscape wherein cyber warfare is becoming a potent weapon. The global environment, fraught with geopolitical tensions and diverse conflicts, provides fertile ground for such cyber operations. Given the lethal and destructive potential of cyberattacks, the experts have called for the implementation of proactive measures. These may include building an exhaustive database of security incidents across networks, and harnessing the power of artificial intelligence to bolster automation and intelligence levels in cybersecurity mechanisms.
The Global Times, in an exclusive report on July 26, had disclosed an alarming fact. The WEMC, which operates under the Wuhan Municipal Emergency Management Bureau, had found their seismic early warning data collection devices riddled with backdoor programs. The local authorities initiated a prompt investigation into the matter. The preliminary evidence indicated that these cyber infiltrations were the handiwork of hacker groups and other malevolent entities, all with governmental backgrounds and stationed outside China.
Both Northwestern Polytechnical University (NWPU) and the Wuhan Municipal Emergency Management Bureau have demonstrated their resilience against such cyberattacks, successfully repelling them and even creating crucial opportunities for the detection and prevention of such large-scale, national-level attacks. Zhou expressed great appreciation for these organizations, stating that their actions were of enormous significance and deserved wide recognition.
In response to the cyberattack on WEMC, experts from the National Computer Virus Emergency Response Center (CVERC) and 360 Security Technology descended upon Wuhan to conduct an in-depth investigation. Initial findings reiterated Zhou’s earlier assertion about the motive being the theft of geological data. “Geological information is intrinsically linked to battlefield terrain. Its theft and subsequent association with military activities can lead to dire consequences,” Zhou warned.
NWPU and the Wuhan center, acting responsibly, went public about the cyberattacks, notifying the public security bureau about these overseas-initiated infiltrations. Their responsible and proactive approach, according to Zhou, deserved “high recognition.” Responding to national-level Advanced Persistent Threat (APT) attacks calls for a concerted effort involving multiple stakeholders, including the government, enterprises, internet security companies, and organizations. Unfortunately, the fear of accountability often deters some involved units, causing a significant hurdle in APT investigations, which subsequently impedes complete and thorough analysis. Such incomplete analyses are extremely harmful to the country’s overall response to APT attacks.
Emphasizing the importance of exposing and resisting these cyberattacks, Zhou said, “By fully exposing cyberattacks from overseas, we are safeguarding our national interests in cyberspace. We are also ensuring peace and security in global cyberspace, and this is of great significance.” The reluctance of certain units to take responsibility results in obstacles such as “difficult access,” which may lead to the loss of crucial evidence necessary for analyzing APT attacks.
Discussing the invisible nature of the challenge posed by national-level APT organizations, Zhou explained how these entities frequently target Chinese government institutions, industry-leading companies, universities, medical institutions, and research organizations, with the intent to steal data and intelligence and cause damage. Their main advantage lies in their invisibility, making it challenging to counteract their attacks.
The evolving landscape of cyberspace is turning it into the main battlefield for international conflict. The Russia-Ukraine conflict serves as a potent reminder for China to strengthen its cyber defense infrastructure, considering the possibility of cyberattacks leading to drastic situations like power outages and disruptions to energy and food supplies.
In February, Chinese cybersecurity experts identified a hacker group originating from Europe and North America. The group has been launching persistent cyberattacks on China, threatening the country’s cybersecurity and data security.
The international situation remains complex and turbulent, with an intensifying power game playing out. The militarization of cyberspace is accelerating, and cyber warfare is becoming the go-to weapon for various countries or forces to attack others. Unlike conventional warfare, cyber warfare doesn’t differentiate between wartime and peacetime, as attacks can be launched anytime due to their low cost, effectiveness, controllable intensity, and the difficulty of identifying the attacker for counterattacks.
Facing powerful attacks but ineffective methods, Zhou proposed building a secure big data infrastructure and establishing a comprehensive database of security incidents across networks to aid users in their defense against threats and attacks.
“Secure big data, intelligence, and knowledge are the foundation and key to identify and capture traces of cyberattacks,” he said, underscoring the need for government and businesses to establish a dynamic database of security incidents across networks. He pointed out the particular importance of endpoint data, as around 80 percent of APT attacks target the endpoint environment.
In September 2022, China Cybersecurity Week showcased technologies like quantum encryption, big data anti-fraud systems, and AI-enabled forgery detection methods at a cybersecurity-themed expo in Hefei, Anhui Province, signifying China’s relentless effort in strengthening cybersecurity.
A report by the China Internet Network Information Center in August 2022 revealed that 63.2 percent of China’s internet users reported not encountering any cybersecurity problems over the past six months, showing a marginal increase from December 2021. In recent years, China has also ramped up its legal protection in cybersecurity, enacting a national strategy on cyberspace security and a series of laws and regulations, including a data security law and a personal information protection law.
Read More: