GT investigates: Behind ‘Salt Typhoon’ – US intelligence agencies’ mass surveillance of its citizens

Global Times

Following the US hype of the so-called “Volt Typhoon” false narrative to discredit China in the first half of 2024, by the end of 2024, the US fabricated another so-called “hacker group associated with the Chinese government” – the “Salt Typhoon,” promoting the narrative of “Chinese cyber threats.” However, professionals in the field of cyberspace told the Global Times that the so-called “Salt Typhoon” not only lacks any substantial evidence but also exposes the fact that US intelligence agencies are conducting large-scale surveillance and espionage against their own citizens.

On Friday, the Global Times learned from a source that during discussions with their American counterparts, China’s diplomats on cyber affairs firmly rejected the US accusations against China regarding the individual cases such as “Salt Typhoon” and “Volt Typhoon” in the absence of evidence. They also expressed concerns about the US large-scale cyber espionage activities targeting China and the threats posed to China’s critical information infrastructure.

On the same day, China’s National Computer Network Emergency Response Technical Team Center of China (known as CNCERT) released two investigative reports, exposing two recent cyberattacks by US intelligence agencies targeting major Chinese technology firms to steal trade secrets.

‘Salt Typhoon’ – new farce to smear China

On September 25, 2024, an “exclusive” report by The Wall Street Journal claimed that “hackers linked to the Chinese government have broken into a handful of US internet-service providers in recent months in pursuit of sensitive information” in preparation for future cyberattacks.

Then on October 25, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) sent a joint statement, claiming that the US government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with China. 

However, a separate report by American media on October 27 denied the aforementioned hype and revealed the underlying motives behind the US media’s sensationalism regarding “Salt Typhoon.” A report by The Washington Post said, “the Salt Typhoon group is also thought to have targeted the system that tracks lawful requests for wiretaps made by the federal government of carriers. The motive there could be to figure out who the FBI and other federal agencies have under surveillance.”

It is not difficult to see that the key behind the “Salt Typhoon” is the “private eavesdropping and surveillance system” that American telecommunications companies have specifically established for federal law enforcement agencies, Li Yan, director of the Institute of Technology and Cybersecurity at the China Institutes of Contemporary International Relations, told the Global Times.

The essence of the so-called “Salt Typhoon” is the large-scale wiretapping and intelligence-gathering activities conducted by US intelligence agencies on its own citizens, including political figures. The breadth and scale of the surveillance targets are astonishing, Li Yan said. 

Ironically, the US government has never been able to provide solid and credible evidence linking the “Salt Typhoon” to the Chinese government, and the various pieces of information in the media are vague, Li Yan noted. 

The expert said that it is not difficult to see that their goal is to muddle the public discourse and divert attention because once the accusation is substantiated, the US government cannot escape responsibility. The key issue is that the authorization and legality of domestic surveillance by US intelligence agencies would provoke backlash both domestically and internationally.

Li Yan added that in this context, diverting attention and shifting blame is of utmost urgency for the perpetrators. Moreover, US intelligence agencies could continue to hype the so-called national security threats under the pretext of “Chinese hackers,” carry out large-scale surveillance, and seek to gain more departmental interests.

Zuo Xiaodong, a professor at the School of Cybersecurity at the University of Science and Technology of China, told the Global Times that the so-called “Salt Typhoon” incident is a complete fabrication with no substantial evidence, and it is suspected to be a self-directed and self-performed operation by the US.

In simple terms, “Salt Typhoon” refers to claims made by US media that hackers have stolen data from US telecommunications agencies regarding surveillance on American citizens, which precisely exposes “the tip of the iceberg” of the large-scale surveillance conducted by US intelligence agencies, Zuo Xiaodong said. 

The expert believed that the US is fabricating and sensationalizing the “Salt Typhoon” in order to elevate the “China threat theory” to the “China cyber threat theory,” attempting to isolate China globally and create momentum for establishing international rules in cyberspace that are favorable to the US.

Latest reports: US cyberattacks China’s tech firms

Despite the US’ ongoing efforts to smear China by accusing it of “cyberattacks,” the fact is that the US is the largest source of cyberattacks in the world. According to media reports, on December 18, 2024, China’s National Computer Network Emergency Response Technical Team Center of China (known as CNCERT) reported two incidents of cyber espionage by US intelligence agencies targeting large technology enterprises in our country. On Friday, the CNCERT released detailed investigation findings regarding these incidents.

In one case, it said that starting from August 2024, a certain advanced materials design research unit in China was suspected to have been targeted by a cyberattack from US intelligence agencies. Analysis revealed that the attackers exploited a vulnerability in a domestic electronic document security management system to infiltrate the company’s software upgrade management server. Through the software upgrade service, they delivered control trojans to over 270 host machines of the company, stealing a large amount of commercial secrets and intellectual property. 

“The attacks mainly occurred from Monday to Friday US time, with no attacks reported during major US holidays,” the report stated. “The five proxy IPs used by the attackers were completely unique and located in Germany, Romania, and other places, reflecting their high awareness of anti-tracing and a rich reserve of attack resources.”

In addition, starting from May 2023, a large high-tech enterprise in China specializing in smart energy and digital information was suspected to have been attacked by US intelligence agencies. Analysis revealed that the attackers used multiple overseas proxies to exploit vulnerabilities in Microsoft Exchange, infiltrating and taking control of the company’s email server and implanting backdoor programs to continuously steal email data. At the same time, the attackers used the email server as a springboard to attack and control more than 30 devices belonging to the company and its subsidiaries, stealing a large amount of the company’s trade secrets.

Multiple facts indicate that documents previously disclosed by Snowden further reveal that the US has conducted the broadest range of cyber espionage and surveillance operations against China and the entire world to date. According to reports from Chinese security agencies and enterprises, the US has been conducting cyberattacks and espionage globally, including against China and the US’ own allies. Furthermore, it has deliberately inserted strings in Chinese and other languages to mislead attribution analysis and frame other countries, Zuo Xiaodong said. 

‘US should maintain cybersecurity with responsible attitude’

Chinese Foreign Ministry spokesperson Guo Jiakun stated at Friday’s press briefing that the report by CNCERT brought to light again the attempts by the US government to conduct cyberattacks and theft of trade secrets and intellectual property targeting China.

Guo expressed serious concerns about such attempts, and urged the US to immediately stop the malicious activities. China will take necessary measures to safeguard its own cyber security and interests, Guo said.

Cyberspace bears on national security and economic prosperity of all countries. The US should reflect on what it’s doing, and stop its political smears. The US should live up to its standards first before asking other countries to do the same, responsibly observe the same international rules respected by other countries, and work with the international community to maintain peace and security in cyberspace, Guo said.
