Ben Read, director of cyberespionage analysis at US cybersecurity firm Mandiant, says China’s state media push of alleged US hacking seems to be consistent, but it mostly contains older information. “Everything that I’ve seen they’ve written about, they tie back to the US through either the Snowden leaks or Shadow Brokers,” Read says.
Pangu Lab’s February report on Bvp47—the only publication on its website—says it initially discovered the details in 2013 but pieced them together after the Shadow Brokers leaks in 2017. “The report was based on a decade-old malware, and the decryption key is the same” as in WikiLeaks, Che says. The details of HIVE and NOPEN have also been available for years. Neither Pangu Lab nor Qihoo 360, which has been on the US government sanctions list since 2020, responded to requests for comment on their research or methodology, although a Pangu spokesperson previously said that it had recently published the old details and that it had taken a long time to analyze the data.
Megha Pardhi, a China researcher at Takshashila Institution, an Indian think tank, says the publications and follow-up comments from officials can serve multiple purposes. Internally, China can use them for propaganda and to send a message to the US that it has the capability to attribute cyber activity. But beyond this, there is a warning to other countries, Pardhi says. “The message is that even though you’re allied with the United States, they’re still gonna come after you.”
“We oppose and crack down in accordance with law all forms of cyberespionage and attacks,” Liu Pengyu, a spokesperson for the Chinese Embassy in the US, says in a statement. Liu did not respond directly to questions around the apparent uptick in finger-pointing at the US this year, the evidence that was being used to do so, or why this may be happening years after details originally emerged. China is widely considered to be one of the most sophisticated and active state cyber actors—involved in spying, hacking for espionage, and gathering data. Western officials consider the country to be the biggest cyber threat, ahead of Russia, Iran, and North Korea.
“Recently, there have been many reports of US carrying cyber theft and attacks on China and the whole world,” Liu says in a statement that reflects comments made by China’s Foreign Ministry spokespeople this year. “The US should reflect on itself and join others to jointly safeguard peace and security in cyberspace with a responsible attitude.”
Many of the disclosures in 2022—there are only a handful of previous Chinese accusations against the US—stem from private cybersecurity companies. This is similar to how Western cybersecurity companies report their findings; they are not always incorporated into government talking points, however, and state-backed media is all but nonexistent.
The potential shift in tactics could play into wider policies around technology use and development. In recent years, China’s policies have focused on positioning itself as a dominant force in technology standards in everything from 5G to quantum computers. A raft of new cybersecurity and privacy laws have detailed how companies should handle data and protect national information—including the potential for hoarding previously unknown vulnerabilities.