Pearls and Irritations

Top spy agency urges Chinese citizens to step up cybersecurity as attacks by overseas agencies have been ‘rampant’ in recent years. The message comes as Beijing broadens scope of anti-espionage law to cover online attacks and prepares to expand penalties for data violations.

China’s state security authority warned that the networks of “hundreds” of Chinese business and government units have been infiltrated by an overseas hacking group and urged citizens to step up cybersecurity.

The Ministry of State Security on Thursday posted a message on its official WeChat account to highlight hacking and ransom risks, which it said could cause “huge economic losses and leakage of sensitive information” as cyberattacks by foreign agencies have been “rampant” in recent years.

“If [sensitive and secret information] were collected by foreign spy agencies or someone with an ill intention, it could endanger our national security severely,” it said.

Beijing has expanded efforts in cybersecurity compliance in recent years amid a perceived increase in attacks by foreign agencies.

China and the United States, in particular, have exchanged accusations of state-backed cyberattacks with targets ranging from universities to critical infrastructure and supply chains.

The WeChat post gave one example of a typical attack in which a “hi-tech enterprise” was blackmailed after its infosystem and data were encrypted and controlled by one foreign hacking group, interrupting daily operations.

It also said: “The foreign hacking group has also infiltrated hundreds of networks of domestic business and government units, in preparation for larger scale criminal activities.”

It did not identify the hacking group’s name or location.

The ministry also said hackers often used phishing emails, targeted software loopholes and injected code to gain access to a victim’s device. The ministry urged people and organisations to report any attacks or ransom threats to national security authorities.

The ministry said earlier this week on WeChat that foreign forces had increased efforts to spy on and collect information from Chinese “information infrastructure”, creating “real threats” to national security.

It stressed that authorities have the right to “freeze assets or [impose] other sanctions” if foreign individuals or organisations “attack, invade, interfere, or damage” the country’s critical information infrastructure.

China enacted the Cybersecurity Law in 2016 to establish a framework for cyberspace sovereignty and to govern the storage and transfer of personal information and important data by network operators.

It later implemented the Data Security Law in 2021 to further regulate the ways that data should be managed and processed.

The country has intensified its monitoring of small and medium-sized enterprises to implement technical safety measures. It is also preparing to expand the severity and scope of penalties for data protection violations under the Cybersecurity Law this year.

The chairman of the top legislature’s standing committee, Zhao Leji, named the revision of the law as one China’s national security legislative tasks this year during the National People’s Congress annual meeting earlier this month.

China has expanded counter-espionage efforts in recent years, including expanding the scope of its anti-espionage law last year to cover cyberattacks. Beijing has increasingly warned of intelligence threats from overseas and accused the United States of hacking networks like Huawei’s.

But China has also been accused of breaching foreign government networks and planting malware in US infrastructure networks – an accusation it has consistently denied.

Republished fro the South China Morning Post , March 21, 2024

Share and Enjoy !

SHARE TWEET SHARE COPY EMAIL PRINT