US, China expected to meet at the next cyber frontline in East Asia

By Kuksung Nam, The Readable
Dec. 8, 2022 6:17PM KST

The most important part of the cybersecurity domain in the following year in East Asia will be the strategic competition between the U.S. and China, an expert on the Asia-Pacific region’s threat intelligence said on Wednesday.

“The U.S. and China are building a more and more intensive [strategic] competition,” said Chang Checheng, a cyber threat intelligence analyst at Taiwan-based cybersecurity firm TeamT5, to The Readable at the Cyber Threat Intelligence Korea Conference on Wednesday. “China will need more information and espionage activities from its’ neighboring countries directed at the U.S. and APAC region.”

According to Chang, who shared his thoughts about the cyber landscape in the coming months, China will leverage cyberattacks for initial reconnaissance as the country tries to broaden their military expansion.

“We have seen Russian advanced persistent threats (APTs) come as the first step in the very beginning of the [Russia-Ukraine] war,” said the expert during his speech at the conference. “We believe cyberattacks will become the key factor.”

Although not all sophisticated hacking groups, which are known within the cybersecurity industry as advanced persistent threats, are working on the behalf of the government, researchers believe Chinese APT groups have strong relationships with their government. Thus, one of the biggest motivations when the hacking group decides to deploy an attack could be related to political issues.

“Based on our observations, we found more and more groups which can be linked to the Chinese APT groups,” explained the analyst to The Readable. “China is hiring more civil companies to carry out state sponsored attacks, and we believe this kind of close relationship is becoming even closer.”

As sophisticated hacking groups become more advanced, they try to hide their identities, making it difficult for the researchers to connect the dots between the attack and the attacker. For the researchers, not only is it important to identify the attributer but it is also crucial to uncover the relationship between these hacking groups, as more of them are using shared tools or open-source tools.

“Traditionally, if one APT group used the same tool as another group, we group them together. This simple attribution methodology is no longer suitable,” said Chang. “We could see more subgroups of APT in terms of everywhere.”

nam@thereadable.co

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.