On 26 March, the New Zealand government informed of foreign interference by the Chinese state government-backed hacking groups, on plotting and launching cyber-attacks against their parliament and their security system in 2021. New Zealand joined the UK  and the US, charging similar accusations against China. Both UK and US imposed sanctions against Chinese firms and individuals involved in the cyber attack. This led to a coalitionary decry against Chinese cyber threat. These attacks were allegedly meted out by an arm of the Chinese government's Ministry of State and Security. Where all three countries pointed at the hacking groups also known in the cyber community as the Advanced Persistent Threat 31.

What is “Advanced Persistent Threat ”?
According to the US Department of Treasury, APTs are a group of cyber actors who are responsible for conducting malicious cyber-attacks, aiming for unauthorized collection and spying on targeted networks. APT 31 have a set of China-sponsored intelligence officers who on behalf of the Hubei State Security Department (HSSD), contact hackers and support staff to conduct cyber-attacks. The APT is different from other cyber attacks as it focuses on stealing data without being caught rather than infecting the system with malware. The lifecycle of such attacks consists of:
1.     Gathering information on the target through reconnaissance.
2.     The hackers explore the network and learn about vulnerabilities of the network.
3.     Exfiltrating data and valuable information from the network.
4.     Using covert channels and covering tracks to ensure continued stay within the system.
5.     Creating backdoors and modifying the system to ensure long-term access to the system
6.     Finally gaining intel by tricking the victims without raising any alarms.

According to an American cybersecurity firm Mandiant, there are more than 40 APTs currently functioning out of which 20 are suspected to be operated by the Chinese government or in cohorts with it.

UK, US and New Zealand: Who says what on China’s cyber threat?
On 25 March, the UK government announced that two malicious cyber attacks targeted their parliament and institutions. The first attack allegedly provided China access to the personal data of 40 million voters in 2022, by breaching into the Election Commission of UK. The second attack was targeted against UK parliamentarians and politicians, who were staunch China critics.

New Zealand’s Government Communications Security Bureau (GCSB) informed that their National Cyber Security Centre found that the Chinese state-backed Advanced Persistent Threat 40 was behind a compromised security system and parliamentary network in 2021.

The US accused China of an elaborate state-hacking attack that goes back 14 years. The hacking operation aimed to target and intimidate China critics, where the US State Department of Treasury informed that two Chinese Nationals Zhao Guangzong and Ni Gaobin targeted critical US infrastructure of defence, aerospace and energy. The cyber attack consisted of hackers sending 10,000 emails to targets all over the world, posing as prominent journalists. Once opened the email was installed with software that helped them track their location, IP address and other information.  

How is the west responding to China cyber threat?
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the sanctions against the Wuhan Xiaoruizhi Science and Technology Company, Limited. A Wuhan-based company allegedly a Chinese Ministry of State Security-backed firm was a front to cover their malicious cyber activities. With that, they imposed sanctions on two individuals involved in the attacks from China. The sanctions imposed by the US will cease all property and interests of the above actor. Any actors even linked with these entities will also be blocked unless they are authorized by the OFAC. The office prohibits all transactions by any US individual with the group. The UK sanctioned two individuals related to the same firm, where the UK froze any asset by these two individuals and they barred all UK citizens from engaging in business with them. A travel ban has also been imposed by the UK government. New Zealand is yet to reveal if they are going to take any concrete steps as they joined the decry against the attacks.

West’s Response: Greatest threat to the state 
The allegations against the Chinese government orchestrated cyber-attacks have been frequent in recent years. The revelation by the three countries led to a concerted concern against the threat. The UK Prime Minister Rishi Sunak called China “the greatest state threat to our economic security,” as they continue to assert their aggression. New Zealand’s Foreign Minister Winston Peters warned China against: “Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future.” To which the Chinese embassy in New Zealand replied that they never have or never will interfere in the domestic affairs of other countries. The UK government is also being criticized for their delayed and slow response, where some analysts believe that they appeared to be a bit reluctant to accuse China. The US Justice Department’s, Assistant Attorney General Matthew Olsen, alarmed the need to remain vigilant against the cyber security threats and their potential to influence as they approach the 2024 elections.

China’s Response: “Paranoia Casebook”
The Chinese government vehemently opposed these accusations, where they called such claims are “smear” campaign against China. The Chinese Ministry of Foreign Affairs spokesperson Lin Jian said: “Cybersecurity issues should not be politicized,” and “We hope all parties will stop spreading false information, take a responsible attitude and work together to maintain peace and security in cyberspace.”

An opinion in the Global Times, one of the flagship newspapers of China, published an op-ed titled, “The UK has scripted a big 'China threat' farce this time: Global Times editorial.” It called London’s concerns against China steering towards “absurdity.” It accused the UK of being in cohorts with the US by enthusiastically hyping up the West's “Chinese Spies” and “China threat” narrative. The Chinese-made cameras are banned under suspicion of being spy cameras and their electric cars are labelled as “four-wheel Trojan horses,” stated the Global Times. The op-ed called this accusation can be compiled into the issue of the “Paranoia casebook.” The opinion piece in turn blames Britain of espionage spearheaded by the British Intelligence Service (MI6), who consulted the head of the firms to collect information on China.

References
“Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure,” The US Department of the Treasury, 25 March 2024
Eva Corlett, “New Zealand parliament targeted in China-backed hack in 2021, spy agency says,” The Guardian, 26 March 2024
Sam Francis, Jennifer McKiernan, “UK imposes sanctions after Chinese-backed cyber-attacks,” BBC, 26 March 2024
Sylvia Hui, Eric Tucker “US and UK go after Chinese hackers accused of state-backed operation against politicians, dissidents,” Associated Press, 26 March 2024
Nick Robins, “US and UK unveil sanctions against Chinese state-backed hackers over alleged ‘malicious’ attacks,” The Guardian, 26 March 2024
Jonathan Yerushalmy, “China cyber-attacks explained: who is behind the hacking operation against the US and UK?,” The Guardian, 26 March 2024
“What Is an Advanced Persistent Threat (APT)?,” Cisco
“Millions of Americans caught up in Chinese hacking plot – US,” BBC, 26 March 2024
“The UK has scripted a big 'China threat' farce this time: Global Times editorial,” Global Times, 26 March 2024