China has reiterated claims that last month's cybersecurity attack on a Wuhan facility was the work of U.S. intelligence agencies, pointing to a "very complex" malware used in the incident.
The Wuhan Earthquake Monitoring Center on July 26 was reported to be the victim of an attack that appeared to originate from government-backed hackers in the U.S. The allegations state the attack targeted network equipment that collected seismic intensity data, which measured the magnitude of earthquakes and contained information concerning national security, according to the Wuhan Municipal Emergency Management Bureau. Information on military defense facilities, for example, is taken into account in determining seismic intensity.
In the weeks following the attack, investigations have uncovered "malicious backdoor software that exhibits characteristics of US intelligence agencies", according to a report Monday by state-owned media Global Times. Investigations were conducted jointly by China's National Computer Virus Emergency Response Center (CVERC) and local cybersecurity vendor 360.
CVERC's senior engineer Du Zhenhua said in the report that the country collects data to better monitor and detect geological disasters and provide early warning. Such data can offer valuable insights into military intelligence, he said.
Chinese officials suggest that accessing relevant data from seismic monitoring centers can enable hackers to estimate underground structures of a specific area and assess if it is a military base. This data will prove useful to foreign military intelligence agencies, such as the U.S. Department of Defense.
Du added that cybersecurity attacks could damage monitoring systems, rendering them ineffective in giving accurate data in the event of an earthquake, or could lead to them triggering false alarms. These issues could fuel social panic and lead to serious consequences, he said.
Remote sensing and telemetry systems -- and the data they contain -- are critical national resources that must be given priority protection, said Xiao Xinguang, who is a member of the National Committee of the Chinese People's Political Consultative Conference, and also chief software architect of local antivirus vendor Antiy Labs.
"US intelligence agencies not only actively collect various signal intelligence, but have also long obtained other countries' comprehensive earth system science remote-sensing and telemetry data as strategic intelligence through various means," Xiao told Global Times. "This includes sharing through allied intelligence mechanisms, coercing high-tech companies to provide it, and using academic and scientific research activities."
The report pointed to Prism and WikiLeaks as documented examples of the U.S. government's surveillance of other foreign leaders, including allies.
ZDNET emailed both the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) seeking their responses on several questions, including on China's latest allegations, whether the Chinese government had been in touch regarding its findings on the Wuhan cyberattack, and whether the U.S. had observed a rise or drop in nation-state attacks from China this year.
A CISA spokesperson did not comment on any of the questions, replying instead with a one-line reference to its advisories and an overview of China's cyber threat. It has similar landing pages for Russia, North Korea, and Iran. On China, the U.S. government states: "China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems."
CISA and NSA early this month released a report highlighting the top software vulnerabilities commonly exploited in 2022. These included several flaws previously highlighted in 2021 and used by China's state-sponsored cyber actors, according to the August 3 statement released by the U.S. security agencies and their Five Eyes counterparts comprising Australia, New Zealand, Canada, and the U.K.