Spy games: When Chinese hackers targeted foreign polls, governments

3 weeks ago

While the attempt to directly target a top US leader seems new, China has a long history of disrupting foreign elections and institutions.

Aakash Sharma

New Delhi,UPDATED: Oct 29, 2024 17:54 IST

China’s government-linked hackers are in the news again. They’ve reportedly targeted the phone data of US presidential candidate Donald Trump and his running mate JD Vance at the height of elections. But China has a long history of targeting polls and institutions abroad. Let's have a relook.

China state-linked “Salt Typhoon” hacking group is suspected of infiltrating major American telecom companies, including Verizon, to access sensitive information. As per the New York Times, staff members of Vice President Kamala Harris were also on target.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) were investigating the “unauthorised access” into telecom systems allegedly tied to China-affiliated hackers.

HISTORY OF CHINA-BACKED CYBER ESPIONAGE

Salt Typhoon, part of a network of espionage-driven hacking groups identified by Microsoft, specialises in low-profile cyber intrusions. The group typically targets network infrastructure such as routers to establish a persistent foothold, gathering intelligence while avoiding detection.

Using “Living off the Land” (LOTL) techniques that exploit legitimate system tools, Salt Typhoon can bypass security measures and continue undetected.

This attack mirrors previous high-profile incidents attributed to China-backed hackers:

Cambodia's 2018 election interference: Ahead of Cambodia’s 2018 election, a Chinese group known as TEMP.Periscope reportedly infiltrated Cambodia’s Election Commission. Targeting both government entities and pro-democracy advocates, they relied on spear-phishing and surveillance, sparking concerns over foreign influence in regional elections.

New Zealand parliament: In 2021, New Zealand’s intelligence services linked a cyber attack on parliamentary entities to Advanced Persistent Threat 40 (APT40), another China-linked group. This incident marked a significant escalation in Chinese cyber interference with Western political institutions.

UK parliament & electoral commission: In the UK, Chinese cyber actors, particularly APT31, reportedly accessed parliamentary email accounts in 2021. Around the same time, China-linked hackers compromised the UK Electoral Commission, pointing to Beijing’s interest in British democratic institutions.

Operation diplomatic specter: A sophisticated Chinese cyber campaign, Operation Diplomatic Specter, has targeted government servers in the Middle East, Africa, and Asia. Infiltrating official mail servers, this campaign extracts intelligence on foreign diplomatic and political activities, reinforcing China’s global cyber influence.

Indian government data breach: Between May and October 2021, Chinese hackers accessed over 5.49GB of data from Indian government offices, underscoring China's focus on gathering intelligence from other nations' internal affairs.

Published By:

Manisha Pandey

Published On:

Oct 29, 2024

Read Full Article at Source