The United States Treasury Department on Monday blame China for breaching its network and accessing information including unclassified documents.
Beijing has rejected the accusation, calling it “baseless”.
The alleged hacking comes weeks after Beijing was accused by Washington of carrying out two cyber attacks on Chinese technology companies.
Blaming the trade between Washington and Beijing, we assess the history of cyberwarfare between the world's two largest economies and whether it has escalated.
Who hijacked the US Treasury?
The US Treasury Department accused Chinese state-sponsored hackers of breaking into its system this month and gaining access to employee workstations and unclassified documents .
The department said the hackers gained access by bypassing a security key used by third-party cybersecurity provider BeyondTrust, which provides remote technical support to Treasury employees.
The Treasury Department made these details public on Monday in a letter to the US Congress. The attack was caused by an “Advanced Persistent Threat Actor (APT) based in China”, the letter said.
The department, however, did not specify the number of workstations that were put in place, the nature of the files, the exact timetable of the hack and the level of confidentiality of the stations that were compromised.
On December 8, the Treasury Department was notified of a hack from BeyondTrust. The BBC said BeyondTrust first suspected unusual activity on December 2 but took three days to discover it had been hacked.
How did the US Treasury respond?
The department said there is no evidence hackers still have access to department information and that the compromised BeyondTrust has been taken offline.
It is assessing the impact of the hack with the support of the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The hack is being investigated as a “major cybersecurity incident”.
The department's letter to Congress said additional information about the attack would be sent to US lawmakers in 30 days.
“Over the past four years, the Treasury has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from actors threat,” a spokesperson for the department said in a separate statement.
How has China responded?
China has denied the department's accusations, and the Ministry of Foreign Affairs said that Beijing condemns all kinds of attacks on spies.
“We have expressed our position many times regarding baseless allegations that have no evidence,” ministry spokesman Mao Ning was quoted as saying by AFP news agency.
A spokesman for the Chinese embassy in the US, Liu Pengyu, denied the department's allegations. “We hope that the relevant parties will adopt a professional and responsible attitude when identifying cyber incidents, basing their decisions on sufficient evidence rather than speculation and baseless allegations,” he said, according to a report from the BBC.
“The US must stop using cybersecurity to smear and criticize China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats. “
Are the US and China building cyberattacks against each other?
While the US has blamed China for cyber attacks over the years, Beijing has also accused Washington of hacking critical cyber infrastructure in recent years.
Here is a brief timeline of recent cyberattacks that both countries claim:
On December 18thThe China National Computer Network Emergency Response Technical Team/China Coordination Center (CNCERT/CC) released a statement saying that two US cyber attacks since May 2023 attempted to “steal trade secrets” from Chinese technology companies.
On December 5thUS Deputy National Security Advisor Anne Neuberger said a Chinese hacking group called Salt typhoon received communications from senior US government officials but no classified information was compromised.
A month before that, on November 13The FBI and CISA said they had uncovered a wide area cyberespionage campaign made by hackers linked to China.
The US said the hackers had compromised “private communications with a limited number of people”. Although he did not specify who these people were, they were “primarily involved in government or political activity”, the FBI and CISA said.
Weeks before the US elections in Novemberthe FBI launch an investigation following reports that Chinese hackers had targeted the President-elect's mobile phones Donald Trump and Vice President-elect JD Vance as well as people related to Kamala Harris, the Democratic presidential candidate in the race.
In July 2023US tech giant Microsoft said the China-based hacking group Storm-0558 breached the email accounts of around 25 organizations and government agencies. The hacked accounts included those belonging to US State Department employees.
In Marchthe US and the UK accused China of conducting a cyber-espionage campaign that is said to have hit millions of people, including lawmakers, journalists and defense contractors. Both countries imposed sanctions on a Chinese company after the incident. A month earlier, US authorities said they had dismantled a Chinese-backed hacker network known as Volt Typhoon.
In response, China called the accusations “completely fabricated and malicious criticism”.
In March 2022China said it experienced a series of cyberattacks that were mostly traced back to US addresses. Some were also traced back to the Netherlands and Germany, according to CNCERT/CC.
Why are cyberattacks launched?
State-sponsored actors are regularly accused of launching cyberattacks against enemies ranging from state institutions to politicians and activists. They aim to gain unauthorized access to confidential data and trade secrets or disrupt economies and critical infrastructure.
“The US and China have a history of using cyberdefense to advance their national security goals,” Rebecca Liao, CEO at tech protocol Saga, told Al Jazeera.
“Although espionage against state actors is an accepted practice, the US has protested against China's cyber attacks against US commercial entities,” said Liao, who was a member of the head campaign -President Joe Biden's 2020 term, advising on China, technology and Asia's economic policy.
“It is clear that it is not diplomatically wise to raise knowledge about the use of espionage. That's why Beijing has been so quick to deny all allegations.”
With the development of digital technology, cyberattacks are increasing worldwide, according to the German Institute for International Affairs and Security (SWP). Data from the SWP shows that cyberattacks increased from 107 in 2014 to 723 in 2023.
Cyberattacks are also carried out by individuals or organized groups who want to steal data and money.
How can countries protect themselves from cyber attacks?
The US and China “should lead a treaty on the responsible use of cyberspace”, wrote researchers Asimiyu Olayinka Adenuga and Temitope Emmanuel Abiodun from the Department of Political Science at Tai Solarin University in Nigeria in an article published in -year.
They cited the example of the treaties signed between the US and the Soviet Union as a result of the Strategic Arms Limitation Talks, SALT I and SALT II, in 1972 and 1979. Both powers signed at ' Cold War agreements to establish US-Soviet stability by limiting the production of nuclear weapons.
In their article, researchers Tai Solarin said that further technological development is needed, especially in quantum computing, which will make it more difficult to execute cyber attacks.
Victor Atkins, a fellow with the US Atlantic Council's Indo-Pacific Security Initiative, wrote in an article in February that the US should “launch a comprehensive new multilateral coalition to counter cyber threats in the Indo-Pacific” to combat cyber attacks from China.
“Ten years ago, there were some proposals about convening an international group around cybersecurity to create standards or codes of conduct that the countries involved would adhere to,” said Liao, the technical expert.
“However, none of these efforts have yielded results, and it is up to each country to defend against cyber attacks.”
Governments are currently working on developing cybersecurity infrastructure such as firewalls to protect themselves from cyber attacks such as hacking.
An article published by the University of Miami said that countries are using other practices to combat cyber threats. These include testing these cyber threats in a simulated environment. “Cyber teams regularly conduct training exercises, similar to the military,” the article said.
