The Cyber Strategy released earlier this week by DoD has mentioned an increase in the state-sponsored cybercrime from People's Republic of China (PRC), particularly against sensitive targets that could affect military responses.
According to the agency, this is done in order to "to counter US conventional military power and degrade the combat capability of the Joint Force."
The DoD claims in their report that the PRC "poses a broad and pervasive cyberespionage threat," monitoring movements of individual beyond its borders, and further acquiring technology secrets, and eroding the capabilities of the military-industrial complex. However, the NSA cautioned that the operation goes beyond routine information collecting.
"This malicious cyber activity informs the PRC's preparations for war[…]In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources. It will also likely seek to disrupt key networks which enable Joint Force power projection in combat," the report stated.
The notion that cyber activities can signal impending military action is consistent with predictions made earlier this year in the wake of the Volt Typhoon attacks by Microsoft and others. With a series of compromises that targeted telecom networks, power and water controls, US military bases at home and abroad, and other infrastructure whose disruption would interfere with actual military operations, the Beijing-backed advanced persistent threat (APT) made national headlines in the US in May, June, and July.
However, the operational technology (OT) used by the victims has not yet been impacted by the compromises. But, CISA Director Jen Easterly warned at Black Hat USA in August that if the US gets involved in a potential invasion of Taiwan, the Chinese government may be positioning itself to launch disruptive attacks on American pipelines, railroads, and other critical infrastructure.
"This APT moves laterally into environments, gaining access to areas in which it wouldn't traditionally reside[…]Additionally, this threat actor worked hard to cover their tracks by meticulously dumping all extracted memory and artifacts, making it difficult for security teams to pinpoint the level of infiltration," says Blake Benson, cyber lead at ABS Group Consulting.
Taking into account the military-focused cyber activities that can potentially entail collateral damage to bystander business, there could also be a sort of ‘anti-halo effect’ at work, according to John Gallagher, vice president of Viakoo Labs at Viakoo.
"Virtually all exploits launched by nation-states 'leak' over to non-nation-state threat actors[…]That means organizations who depend on IoT/OT systems will be direct targets at some point to the same threats being launched against national critical infrastructure," warns Gallagher.