FBI and MI5 Declare China the Biggest Long-Term Threat to the US and UK

Speaking alongside MI5 head Ken McCallum in London on July 6th, FBI Director Christopher Wray called China the “biggest long-term threat” to both the U.S. and the U.K.

Use multifactor authentication (MFA) when offered

Many employers are now enforcing the use of multifactor authentication (MFA) for employee email accounts and other cloud services they use. There is a reason for this. Relying on a password alone to protect your online accounts is a risky practice, as passwords can be easily cracked or stolen by cybercriminals. You should take advantage of MFA whenever it is offered. Check the websites of your banking and financial accounts to see if they offer MFA. All the major cloud services such as Google offer MFA options such as SMS texting or a FIDO key.

“The Chinese government is set on stealing your technology — whatever it is that makes your industry tick — and using it to undercut your business and dominate your market,” Wray said while giving remarks to international business leaders. “And they’re set on using every tool at their disposal to do it.”

The Chinese, Wray said, use cyber to “steal” volumes of information. He said U.S. officials are working with MI5, the British intelligence service, to identify other investments that the Chinese government makes in proxy relationships — a kind of third-party venue through which China steals information.

Wray said that U.S. companies should be wary of working with or in China, something about which he has warned before, and he urged business leaders to contact the FBI for further information on ways to mitigate the Chinese cyber threat.

McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again.

MI5 is now running seven times as many investigations related to activities of the Chinese Communist Party compared to 2018, he added.

Wray also said China deployed cyber espionage to “cheat and steal on a massive scale”, with a hacking program larger than that of every other major country combined.

McCallum said intelligence about cyber threats had been shared with 37 countries and that in May a sophisticated threat against aerospace had been disrupted.

“China has for far too long counted on being everybody’s second-highest priority,” Wray said, adding: “They are not flying under the radar anymore.”

NSA Director Declares China Biggest Long-Term Cyberthreat

Rob Joyce, director of cybersecurity at the NSA, spoke at RSA Conference 2022 in a session on June 8th and discussed the nation-state threat actors targeting the country and the technology and tactics that are used.

“Russia is like a hurricane. If you look at the activities in Ukraine, [they’re] loud and aggressive and it is the near-term threat right now,” Joyce said. “But China is climate change. They are the long-term pacing threat for us. And if you look at the challenge we have ahead of us, we have to be ready to deal with China.”

Joyce noted that over the past several years the Chinese government has become more aggressive in stealing data and intellectual property from the U.S. and using it to bolster their military and economy. This activity, he said, has led the U.S. government to take a meticulous approach to defending against cyberthreats from China.

Joyce mentioned a recent government security advisory stating that nation-state threat actors were exploiting known vulnerabilities in network providers and devices such as routers and VPNs in order to gain access to targets in the U.S.

Joyce said the NSA is seeing China attacking routers in the U.S. to then jump to service providers of victims they want to target. He said that all kinds of routers are being breached, from enterprise models used by large telecommunications companies to small-business devices.

He said that often routers are not able to even identify when these breaches occur, and that it is necessary for potential victims to reevaluate their security infrastructure and make it so that they are able to monitor for these kinds of attacks.

This is where Joyce said the relationship between the federal government and the private security industry is so important.

“One thing [China] leverages is our privacy protection,” Joyce said. “We at the NSA can look into the foreign space, but we can’t look into the domestic space. That is where our partnership with industry that owns and operates this has to be really tight. We try to find ways where our insights can be leveraged by industry or industry who has a lead or understanding can then tip us to look out into the foreign space and find the other end of that and continue to peel and work backwards or even upstream.”

Joyce cited specific Chinese threat groups such as Hafnium, which exploited Microsoft Exchange Server zero-day vulnerabilities, known as ProxyLogon, in early 2021. But cyber attacks and breaches are not the only way that China is targeting the U.S. Joyce warned the country is also attempting to get into the field of spreading disinformation, which is increasingly becoming one of its main goals.

Annual Threat Assessment of the U.S. Intelligence Community

The Annual Threat Assessment of the U.S. Intelligence Community, published by the Office of the Director of National Intelligence on February 7, 2022, said this about the Chinese cyber threat (on page 8 of the report):

We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks. China’s cyber pursuits and export of related technologies increase the threats of attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its control, and the expansion of technology-driven authoritarianism globally.

China almost certainly is capable of launching cyber attacks that would disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.

China leads the world in applying surveillance and censorship to monitor its population and repress dissent, particularly among minorities. Beijing conducts cyber intrusions that affect U.S. and non-U.S. citizens beyond its borders—such as hacking journalists—to counter perceived threats to the CCP and tailor influence efforts.

China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations.


Conclusion

Cyber threats today are state-sponsored and coordinated, and are directed at US and UK interests with greater frequency and greater diversity than ever before. It’s important to have a comprehensive protection program that includes:

  1. Multi-Factor Authentication (MFA) to help minimize threats on your organization’s data,
  2. Managed Detection and Response (MDR) and Incident Response Readiness to prepare your organization to act quickly to minimize the impact of a breach (should one occur), and
  3. a Data Minimization Program and Sensitive Data Scanning as a Service (SDSaaS) to minimize the risk of exposure of your organization’s sensitive data.
