Ukraine Identifies 600 Sites Quietly Compromised by China Just Days Before the Invasion
Although propaganda from both the Russians and the Ukrainians has become a distinguishing feature of this war, intelligence reports from the SBU, the Security Service of Ukraine, claiming that Chinese hackers compromised up to 600 websites inside the country in the days leading up to the Russian invasion are easy to believe.
The Times, a British newspaper, reported it had obtained copies of SBU intelligence memos and that the targets included the Ukrainian National Security and Defense Council, the State Border Guard Service, nuclear facilities, the national bank, the railway authority and other key military sites.
EXCLUSIVE: China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times https://t.co/johEE0k2VF
— The Times (@thetimes) April 1, 2022
The memos indicate the cyberattacks “peaked on February 23,” which was the day before the invasion began.
The Times reported the attacks were intended to “steal data” and to discover ways to “shut down or disrupt vital defense and civilian infrastructure.” The article noted that the memos are “thought to be prepared by another country” although the Times said it received them from the SBU.
The Russians were also conducting cyberattacks on Ukrainian sites at the time. The Times noted the SBU was able to determine the origins of the hacks “by the trademark tools and methods of the cyberwarfare unit of the People’s Liberation Army.”
According to the Times, U.S. intelligence sources confirmed this information is accurate.
Considering Russian President Vladimir Putin and Chinese President Xi Jinping, prior to the opening of the Winter Olympics in Beijing, signed a joint statement to proclaim a friendship between their countries that has “no limits,” as Newsmax reported, this story is entirely credible.
China has a lot to lose if its complicity with Russia were to be proven and made public. It could be hit with punishing economic sanctions by the West. Given the magnitude of the trade China conducts with Western nations, even a small reduction in business could have an impact on the country’s economy.
At any rate, the SBU memo said Ukraine intelligence agencies detected an “increase in activity against our country’s networks in mid-February with active CNE [computer network exploitation] operations being conducted daily.” The Times noted that CNE attacks are “typically used for reconnaissance and espionage.”
One of the memos stated: “Intrusions that are of particular concern include the CNE campaigns directed at the State Nuclear Regulatory Inspectorate and the Ukrainian Investigation Website focused on Hazardous Waste. This particular CNE attack by the Chinese cyberprogram included the launch of thousands of exploits with attempts pointed to at least 20 distinct vulnerabilities.”
The Times spoke to a number of cybersecurity experts to get their takes on the SBU memos.
Tom Hegel, a senior threat researcher at SentinelOne, a U.S. cybersecurity firm, told The Times, “It sounds like they didn’t care that they were seen — they had an objective to get in and get what they needed as quickly as possible.”
“It’s abnormal for a CNE-type effort, it stresses the importance of what they knew was coming.”
Hegel also said SentinelOne had “identified a separate, smaller Chinese cyberattack against Ukraine on March 22.” It was able to do so “confidently” after its analysts examined “the command and control servers” for the software involved. Another telltale sign that tied this to the Chinese was the “technique used to deliver it into Ukrainian systems,” The Times reported.
Steve Tsang, director of the Soas China Institute, spoke to the Times. He said, “The number of people China has engaged in cyberoperations is enormous. A lot of them are part of the People’s Liberation Army, which is part of the [Chinese Communist] Party.”
He continued, “We all believe that they have a cyberforce that attacks states. They have been more engaged in getting information rather than shutting people down. If they’re working in Ukraine, they’re working in support of Russians. The implications of this would be they are potentially subjected to sanctions.”
Sam Cranny-Evans, an intelligence and surveillance expert at the Royal United Services Institute, a British think tank, told The Times the findings have huge implications regarding cooperation between China and the chief Russian security service, known as the FSB.
“The attacks suggest a certain level of collusion between Russia and China, which may prompt revised assessments of the nature of the relations between Russia and China and the willingness of the two nations to support each other in military operations,” Cranny-Evans said. “It may also raise questions about what other support Beijing will provide Russia’s operation in Ukraine, and the potential for this to prolong the conflict.”
“At the capability level, it is interesting that the Russian security apparatus involved Chinese actors in this operation; they are typically quite capable and committed considerable resources to the intelligence operation in Ukraine in the lead-up to the conflict. The FSB for instance, had a staff of 200 personnel focused on gathering human intelligence in Ukraine, which included cyberattacks to gather information on the population.”
SentinelOne’s principal threat researcher, Juan Andrés Guerrero-Saade, weighed in.
“Credit to the Ukrainian government, I don’t know what they’ve done with [their] computer emergency response team, but they are killing it,” he told The Times. “It’s very plausible that the U.S. government is helping or that they have other companies on the ground — no one we know has owned up to that yet. There’s something going on there.”
Given the high number of hacking attempts against Ukrainian targets, analysts are surprised they haven’t been able to inflict more damage. The Times attributes this to efforts by the U.S. and the United Kingdom to fortify Ukraine’s cyber defenses ahead of the invasion.
Not only are the accusations made in the SBU memos plausible, I would argue that they’re probable. Of course, the Chinese are on Russia’s side.
The Chinese can’t overtly express their support for their ally’s invasion of Ukraine because they stand to lose highly profitable trade relationships with Western partners. But neither have they condemned Russia’s aggression.
At Friday’s virtual EU-China summit, European Commission President Ursula von der Leyen enlisted China’s help in ending the war in Ukraine. In a statement, von der Leyen said, “We underlined that the Russian invasion of Ukraine is not only a defining moment for our continent, but also for our relationship with the rest of the world. There must be respect for international law, as well as for Ukraine’s sovereignty and territorial integrity. China, as a permanent member of the U.N. Security Council, has a special responsibility. No European citizen would understand any support to Russia’s ability to wage war.”
According to post-summit media reports, China remained noncommittal. The Washington Post noted that the bar had been set so low ahead of the meeting that nobody was surprised that no progress had been made.
A source “familiar with official discussions in Beijing” told the Post that Chinese officials are concerned the Russian invasion has brought the EU and the U.S. closer. Prior to this, China’s strategy had been to drive a wedge between them.
What did China expect would happen after two powers of the world trumpeted their “no limits” partnership on Feb. 4?