Title: U.S. Department of Treasury Hacked: A New Front in China‘s Cyber War
The year ended as it began for China: with a massive cyberattack. This time, the target was the U.S. Department of the Treasury, with the incident occurring early in December. While the extent of the damage is still unclear, much suggests that hackers gained access to sensitive information.
The Treasury, responsible for economic and financial policy, sits on a wealth of high-grade information and is deeply involved in the ongoing trade war with China. The department is expected to issue a report on the incident to Congress by the end of January, just as Donald Trump takes office and his supporters dominate Capitol Hill.
China’s Cyber Warfare Empire
Under the ever-radiant leadership of comrade Xi Jinping, China has been aggressively pursuing cyber warfare. Central to this effort is the Ministry of State Security and the People’s Liberation Army. The PLA’s cyber command is headquartered in a 12-story building in Shanghai, known as Unit 61398.
According to Western estimates, China’s hyperactive "cyber army" consists of around 50,000 full-time employees, supplemented by numerous private contractors working on government contracts.
The latest attack was uncovered by cybersecurity firm FireEye, which the Treasury has engaged to prevent unauthorized access. The U.S. has long been a prime target for Chinese hackers, with FBI Director Christopher Wray repeatedly warning about China’s relentless cyber warfare. In 2020, he described China as the "world’s most aggressive cyber threat."
The hacking group responsible for this latest attack, Volt Typhoon, has been a persistent thorn in the side of U.S. officials, businesses, and private citizens. Alongside other Chinese actors, Volt Typhoon is reportedly capable of crippling critical U.S. infrastructure, including telecommunications, electricity, and water supplies.
Volt Typhoon has also targeted U.S. military bases, including Guam, which is a crucial link in the U.S.’s Asian defense network. This attack set off alarm bells within the Five Eyes intelligence alliance. As Trump takes office, he will need to address how the U.S. should respond to China’s growing cyber threat.
Trump Himself Targeted
During the 2020 election campaign, Trump himself was targeted by Chinese hackers – without his knowledge. According to the FBI, China attempted to infiltrate the telecommunications of numerous U.S. politicians, including Trump and his vice-presidential candidate, J.D. Vance. This revelation was first reported in The New York Times.
Following this incident, the U.S. government urged telecommunications companies to bolster their security to protect customers and the nation. So far, nine major U.S. telecoms have been targeted by Chinese hackers, with the culprit identified as a different group, Salt Typhoon.
Earlier in 2020, the FBI revealed a major Chinese hacking operation, Flax Typhoon, which had successfully installed malicious software in over 200,000 electronic devices, including cameras, video recorders, and routers. Consumers in other countries have also been affected.
In March, seven Chinese nationals were indicted for sending thousands of virus-laden emails to U.S. politicians and officials over a 14-year period. The U.S. State Department has offered a $10 million reward for information leading to the arrest of those responsible.
Trump has vowed to impose a 60% tariff on Chinese imports as soon as he takes office. Recent events are unlikely to soften his stance, despite China’s apparent attempts to curry favor with him.
Taiwan: China’s Primary Target
In his New Year’s speech, Xi Jinping did not mention the U.S. once but was clear that Taiwan would eventually be reunited with the People’s Republic of China. Taiwan has also seen a surge in cyberattacks from the mainland, with around 90,000 attacks recorded in August 2020 alone. The targets included both public and private entities.
Taiwan’s defense minister has described the island as Beijing’s most "cyber-bombarded" target, with the aim of creating uncertainty and undermining its defenses. Xi has set a deadline of 2027 for the People’s Liberation Army to be capable of invading Taiwan.
Democracies worldwide, from Japan to the U.S. and Canada, are all targets of China’s hacker army. Norway, too, is a potential target, despite Norwegian politicians’ hopes for a cooperative relationship with the Eastern giant, even a free trade agreement.
Norway’s Experiences with Chinese Cyberattacks
In 2018, several Norwegian government agencies were targeted in a major hacking incident. The Norwegian Police Security Service (PST) launched an investigation and traced the attack back to China, specifically to the group APT31. According to a report by the Norwegian Defence Research Establishment (FFI), the group managed to extract 1.2 gigabytes of data. APT31 had previously carried out similar attacks in Norway.
In 2020, another Chinese actor breached the Storting’s email system. Then-Foreign Minister Ine Eriksen Søreide summoned the Chinese ambassador to express her displeasure. The ambassador, of course, denied any Chinese involvement.
China’s cyberwar against Norway continues unabated. In 2021, a Norwegian shipping company was targeted by the Mustang Panda group, with other shipping companies later also falling victim. These attacks were part of a larger operation targeting commercial shipping in Europe.
Norway is the world’s fourth-largest shipping nation, which may explain China’s interest in the country. Richard Utne, who leads the Maritime Security Division at the Norwegian Coastal Administration, suggests as much.
Major Norwegian companies like Norsk Hydro, Telenor, and Visma have also been targeted. The cyberattack on Norsk Hydro cost the company NOK 800 million. Ironically, Norsk Hydro was one of the first Norwegian companies to establish itself in China in the 1980s.
Both PST and the National Security Authority (NSM) have warned in recent years about China’s hostile activities against Norway. Both agencies emphasize the need for Norwegian companies, large and small, to strengthen their cyber defenses and plug any potential "holes" in their data systems.
China’s Cyber Talent Hunt
Xi Jinping took over as Communist Party leader in 2012 and as president the following year. In his powerful dual role, he was quick to declare that China must become a "cyber superpower."
In an era where hybrid warfare is becoming increasingly common, Xi’s loyal underlings have eagerly embraced the challenge. Every year, the government hosts national talent competitions to attract the sharpest cyber minds.
Young hackers with the world as their playground are highly valued in Beijing. Western experts emphasize that China’s cyber program is both extensive and long-term, with the country building its cyber capabilities brick by brick, just as it did with the Great Wall – and now, it’s attacking.
This article was originally published on the author’s Facebook page.
