©2021 Reporters Post24. All Rights Reserved.
TOKYO — China is increasingly suspected of making “white hat” hackers, who are usually employed to find weaknesses in cybersecurity, complicit in cyberattacks, accelerating the country’s offensive efforts in the field by effectively mobilizing its world-class private hackers.
An investigation by Nikkei other organizations had found that since 2021 — when it became mandatory in China to report vulnerabilities in software and other products to the government — the number of attacks in which Chinese involvement is suspected has increased sharply.
One of the responsibilities of white hats working for security companies or as freelancers is bug hunting — in which they discover vulnerabilities, report them to the developer, and receive compensation. The developer creates a patch and asks users to install it to improve the safety of the product.
In September 2021, the Chinese government made it mandatory for companies and individuals to report vulnerabilities to the Ministry of Industry and Information Technology within 48 hours of discovering them.
Criticism was raised in Europe and the U.S. that vulnerabilities could be exploited before a patch was developed. Chinese media reported in late 2021 that the ministry had suspended Alibaba Group Holding’s cloud computing operation from a cybersecurity partnership for six months over failing to report.
Files apparently leaked from Chinese cybersecurity company i-Soon show evidence of the government exploiting software vulnerabilities. © APNikkei, in cooperation with cybersecurity software company Trend Micro, collected data on 222 software vulnerabilities that the U.S. government and others have pointed out are being exploited by hacker groups believed to be connected to the Chinese government to infiltrate networks.
A search on OTX, which aggregates reports on cyberattack methods, found a total of 1,047 attacks exploiting these vulnerabilities.
There were 16 cases in 2021, when the vulnerability reporting obligation began, and the figure soared to 267 in 2022. Cases nearly doubled again to 502 in 2023. This year is on a similar pace, with 242 cases recorded in the first half.
“In the past, the main method of cyberattack was phishing, which involves tricking victims into downloading malware by email, but now vulnerability attacks are the mainstream,” said Katsuyuki Okamoto, a cybersecurity expert at Trend Micro.
Following Microsoft’s introduction of phishing countermeasures in 2022, Russian hacker groups have shown a similar trend. But “China has changed its policy the most clearly,” Okamoto said.
The bug-hunting skills of Chinese white hats are highly regarded worldwide. The percentage of the total prize money at the world’s largest hacking contest, Pwn2Own, won by Chinese hackers steadily increased from 13% in 2014 to 79% in 2017, according to the Center for Security Studies at ETH Zurich in Switzerland.
In 2018, China banned Chinese white hats from taking part in overseas hacking contests. The Tianfu Cup, China’s version of Pwn2Own, has become the country’s main arena for cybersecurity competition.
“Chinese hackers had contributed their high degree of skills to uncovering vulnerabilities, but they have had almost no interactions with the rest of the world since 2018,” said Chen Chung-Kuan, senior researcher at Taiwan-based cybersecurity firm CyCraft Technology.
Vulnerabilities discovered during the Tianfu Cup have been exploited by the Chinese government, suggest leaked files that appear to be from Chinese cybersecurity company i-Soon.
The files, which were revealed in February, included what appeared to be records of online chats involving CEO Wu Haibo. In one chat, Wu said software that targets a vulnerability in iOS, the operating system used in iPhones, had been given to Chinese state security.
Wu asked whether i-Soon could get its hands on the software. The i-Soon executive Wu was chatting with said Chinese state security had provided it for the government of Jiangsu province, to which Wu replied that this happened “every year.”
According to Taiwan-based cybersecurity firm TeamT5, which analyzed the leaked files, i-Soon has employed many self-described white hats, but much of its work has been commissioned by Chinese state security.
The company has provided the Chinese government with a tool that remotely extracts data from iPhones, and has sold it data reportedly stolen from 18 countries and regions, including Taiwan and India, according to TeamT5.
“There’s an arrangement in which private-sector hackers not only discover vulnerabilities but also attack other countries as part of their business with the Chinese government,” said Hiroki Iwai, CEO of Tokyo-based cybersecurity firm Sighnt.
