By Ian Thornton-Trump, CISO, Cyjax
“There are three ways to make a living in this business: be first, be smarter, or cheat.” So says Jeremy Irons’ CEO at the climactic meeting in financial crisis drama Margin Call. “Now, I don’t cheat.”
While we should be wary of taking moral lessons from someone who, in this fictionalized recounting, kickstarts the 2008 financial crash, there are those who do cheat to be better at business. Not a person, or a corporation, but the People’s Republic of China.
China’s domestic market is kept strong and competitive by a strategy with hacking and cybercrime as key elements. Why does it do this, and how?
Slowing Growth
China is rightly regarded as an economic powerhouse, but there are indications that growth is slowing down. In 2020, a plan was put in place to double the size of the economy in fifteen years. But the IMF estimates that China’s GDP growth will be below 4% in the coming years, well below ambitions. Other estimates put growth as low as 3%, and likely to fall to 2% by 2030.
We can see the problem by looking specifically at the property sector, which contributes around a quarter of China’s GDP. The early 2000s saw a boom following the privatization of property, but at least 60 developers have collapsed since 2020. The most valuable real estate company in the world was ordered to liquidate in early 2024, and there are fears that others are overleveraged and may meet the same fate.
Manufacturing has also fallen. Factory activity has fallen. In 2023, the Purchasing Managers Index, a useful indicator of manufacturing activity, fell for five consecutive months, then fell again after a short rise. Consumer prices are also close to deflation.
It’s difficult to evaluate these figures, as there is no independent verification of Chinese government statistics, but the outlook is not as hoped. But with the People’s Bank of China suggesting that it will step up policy adjustments to promote a rebound in prices, it’s safe to assume that not all is going to plan.
There are other challenges: unemployment figures are high, at least until June 2023, when publication ceased. Jobs for university graduates are scarce, and salaries are down. There is also a demographic problem in the offing, with low birth rates despite the abolishment of the One Child Policy in 2015. China is faced with a problem many countries are facing—an aging population supported by a declining workforce.
In short: the Chinese economy is struggling. But that isn’t holding back its sophistication when it comes to cyber espionage.
The Secret Ingredient is Cybercrime
China has used cyber capabilities to further its interests since at least 2006. In the popular imagination, this is used to “disrupt the west”, and there is some truth in this. For example, it was reported last year that hackers had infiltrated water utilities, oil pipelines, and ports.
These attacks were, according to some, state-backed Chinese hackers targeting US critical infrastructure in order to lay the technical groundwork for the disruption of communications between the US and Asia during future crises.
But there is more to these hacking attempts than disruption. It’s often about information, specifically business information that can help support the Chinese economy. There have been several high profile examples of this type of attack linked to China.
Operation Soft Cell targets internet-facing Microsoft Exchange servers, particularly in the telecoms, financial, and government sectors in an attempt to steal information. Sandman delivers malware in an attempt to subvert systems. VoltTyphoon in particular targets organisations with the intent of gathering information.
China’s approach to cybercrime is not just to disrupt, but to steal information that can further its economic interests. It is pursuing a strategy of extracting technologies from Western companies, which it can then put to use. This is backed up by creating a protected domestic market—by using subsidies and nontariff barriers to build national leaders, China has an advantage as it competes globally.
The control of businesses in China is highly regulated, making it difficult for foreigners to control businesses or for foreign-owned businesses to operate within the country. This protectionism could easily mean that Chinese businesses would find it difficult to be competitive in an international market, but the use of cybercrime to steal information helps to redress the balance.
Expect More of The Same
According to the security think tank CSIS, China has carried out a twenty-year campaign of cyber and non-cyber espionage, the result described by General Keith Alexander as a theft of industrial information and intellectual property through cyber espionage which constitutes the “greatest transfer of wealth in history.”
The head of the Australian Security Intelligence Organisation has described China’s approach to cyber espionage as “well beyond traditional espionage and…the most sustained, scaled and sophisticated theft of intellectual property and acquisition of expertise that is unprecedented in human history”.
China’s current economic woes are only likely to make the problem worse. As growth targets are missed and deflation becomes a real possibility, it’s very likely that we will see official policies that will aim to address the problem—along with an increase in sanctioned but unofficial cyber espionage.
This year, we’re likely to see disruptive activity from China-affiliated threat groups, especially with so many elections taking place across the globe. Nation states will continue to test their cyber capabilities for disruption just as they test other defensive capabilities. But China’s cybercrime program will continue to have another aim, embracing espionage to support a growth economy, while also developing market-based economies in Africa and South America.
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
