美国指责中国黑客攻击美国关键基础设施

【中美创新时报2024年3月26日编译讯】美国周一对中国黑客实施制裁，并指责他们充当北京最高间谍机构的幌子，这是在美国电网、供水系统和其他关键基础设施中植入恶意软件的广泛努力的一部分。《纽约时报》记者David E. Sanger 和 Alan Rappeport 对此作了下述报道。

此次制裁是拜登政府与北京之间日益激烈的竞争的重大升级。

尽管迄今为止还没有中国政府关闭基本服务的案例，但美国情报机构近几个月警告称，该恶意软件似乎是在美国援助台湾时使用的。

根据一系列情报调查结果，通过关闭对军事基地和平民的关键服务，中国将试图让美国人变得内向——担心他们自己的电力、食物和水的供应，而不是援助北京所不知道的一个遥远的岛屿。声称是自己的。

这些制裁是美国和英国共同努力打击中国黑客入侵重要服务的一部分。在宣布新措施时，财政部将国家支持的恶意网络行为者描述为“对美国国家安全最大、最持久的威胁之一”。

制裁措施是在司法部宣布对七名中国公民提出指控时公布的，这些中国公民被控串谋实施计算机入侵和电信欺诈。

这些黑客属于一个名为“高级持续威胁 31”（APT31）的组织，该组织在过去 14 年里一直以美国公司、政府和政治官员、候选人和竞选人员为目标。

司法部长梅里克·加兰 (Merrick Garland) 表示：“这起案件提醒人们，中国政府愿意瞄准和恐吓批评者，包括发起旨在威胁美国及其盟友国家安全的恶意网络行动。” 在一份声明中。

据司法部称，黑客部署了 10,000 多封带有隐藏跟踪链接的电子邮件，这些链接如果打开，可能会危及收件人的电子设备。他们的行动针对的是司法部官员、白宫高级官员和多名参议员。

美国财政部将武汉小睿智科技有限公司列入制裁名单，并将其描述为负责网络间谍活动的中国国家安全部的“幌子公司”。据美国情报机构称，在中国政府进行重大投资后，该部门已成为北京最大的黑客行动。

该部由中国领导层直接控制，正在接替中国人民解放军，后者指挥了大部分针对美国公司的间谍活动，旨在窃取企业机密或国防设计。

但中国的战略现在已经发生了变化，其首要目标似乎是找到一种方法，阻止或至少减缓华盛顿在中国领导人习近平决定试图占领台湾岛时援助台湾的军事行动。

尽管拜登总统没有公开提及这一威胁，但他的助手们一直在密切关注一项名为“伏特台风”的行动，该行动可以追溯到很多年前，但自去年初以来就愈演愈烈。过去几个月，美国一直在与对国家基础设施至关重要的美国企业密切合作，甚至上周就如何检测中国对关键系统的入侵发出了详细警告。

但周一的公告远远超出了电网和供水系统的范围。它指出一家为美国军方生产飞行模拟器的国防承包商、一家田纳西州航空航天和国防承包商以及一家阿拉巴马州航空航天和国防研究公司。

对中国实施制裁之际，拜登政府一直在努力稳定与北京的关系，寻求在打击芬太尼流动和应对气候变化方面的合作领域。这项努力始于去年年底拜登在加利福尼亚州与习近平会面，他在会上警告习近平有关美国基础设施的入侵。中国官员否认参与其中。

在伦敦，英国政府周一指责中国进行网络攻击，破坏了数千万人的投票记录。

副总理奥利弗·道登 (Oliver Dowden) 宣布对与参与袭击的国家附属组织有联系的两名个人和一家公司实施制裁，他表示袭击的目标是选举监管机构和立法者。英国外交部召见中国驻英国大使，进行正式外交训斥。

道登在议会表示：“这是源自中国的明显敌对活动模式中的最新一起。”

英国政府去年披露了监督英国选举的选举委员会遭到攻击的事件，但没有透露幕后黑手。 据信该事件始于 2021 年，持续了几个月，4000 万选民的个人信息被黑客入侵。

选举委员会表示，2014 年至 2022 年间在英国和北爱尔兰登记投票的任何人以及海外选民的姓名和地址都已被获取。

题图：虽然迄今为止还没有中国政府关闭基本服务的案例，但美国情报机构近几个月警告称，该恶意软件似乎是在美国援助台湾时使用的。 ANDY WONG /美联社

附原英文报道：

US accuses Chinese hackers of targeting critical infrastructure in America

By David E. Sanger and Alan Rappeport New York Times,Updated March 25, 2024 

WASHINGTON — The United States imposed sanctions Monday on Chinese hackers and accused them of working as a front for Beijing’s top spy agency, part of a broad effort to place malware in US electric grids, water systems, and other critical infrastructure.

The sanctions were a major escalation of what has become an increasingly heated contest between the Biden administration and Beijing.

While there have been no cases so far in which the Chinese government has turned off essential services, US intelligence agencies have warned in recent months that the malware appeared to be intended for use if the United States were coming to the aid of Taiwan.

By turning off critical services to military bases and to civilian populations, China would try, according to a series of intelligence findings, to turn Americans inward — worrying about their own supplies of electricity, food, and water rather than assisting a distant island that Beijing claims as its own.

The sanctions were part of a joint effort between the United States and Britain to crack down on Chinese hacking into vital services. In announcing the new measures, the Treasury Department described malicious state-sponsored cyberactors as “one of the greatest and most persistent threats to US national security.”

The sanctions were unveiled as the Justice Department announced charges against seven Chinese nationals accused of conspiracy to commit computer intrusions and wire fraud.

The hackers were part of a group known as Advanced Persistent Threat 31, or APT31, that has for the past 14 years targeted American companies, government and political officials, candidates, and campaign personnel.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyberoperations aimed at threatening the national security of the United States and our allies,” Attorney General Merrick Garland said in a statement.

According to the Justice Department, the hackers deployed more than 10,000 emails with hidden tracking links that could, if opened, compromise the electronic device of a recipient. Their operation targeted a Justice Department official, high-ranking White House officials, and multiple senators.

The Treasury Department added Wuhan Xiaoruizhi Science and Technology Co. to its sanctions list and described it as a “front company” for China’s ministry of state security, which ran the cyberespionage operation. The ministry has emerged as Beijing’s largest hacking operation, after a major investment by the Chinese government, according to US intelligence agencies.

The ministry — under the direct control of Chinese leadership — is taking over for the People’s Liberation Army, which directed most of the espionage attacks on American companies, intended to steal corporate secrets or defense designs.

But China’s strategy has now evolved, and its first goal appears to be finding a way to deter, or at least slow, a military effort by Washington to aid Taiwan if China’s leader, Xi Jinping, decided to try to take the island.

While President Biden has not mentioned the threat in public, his aides have been intensely focused on an operation called “Volt Typhoon” that stretches back many years — but has intensified since early last year. Over the past few months, the United States has been intensively working with American businesses that are crucial to the nation’s infrastructure and even issued a detailed warning last week on how to detect Chinese intrusions into critical systems.

But the announcement Monday went far beyond electric grids and water systems. It pointed to a defense contractor that manufactures flight simulators for the US military, a Tennessee aerospace and defense contractor, and an Alabama aerospace and defense research corporation.

The sanctions on China come as the Biden administration has been trying to stabilize relations with Beijing, seeking areas of cooperation on combating the flow of fentanyl, and fighting climate change. That effort began with Biden’s meeting with Xi in California late last year, in which he warned Xi about intrusions into US infrastructure. Chinese officials have denied they were involved.

In London, the British government on Monday accused China of cyberattacks that compromised the voting records of tens of millions of people.

The deputy prime minister, Oliver Dowden, announced sanctions against two individuals and one company linked to a state-affiliated group implicated in the attacks, which he said targeted both an elections watchdog and lawmakers. The Foreign Office summoned China’s ambassador to Britain for a formal diplomatic dressing down.

“This is the latest in a clear pattern of hostile activity originating in China,” Dowden said in Parliament.

The government disclosed the attack on the Electoral Commission, which oversees elections in the United Kingdom, last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.

The Electoral Commission said the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.