China's 'White Hat' Hackers Suspected in Spike of Cyberattacks
China may be using white hat hackers for cyberattacks, boosting its cyber-offensive capabilities. Since 2021's mandatory vulnerability reporting, attacks linked to China have surged, revealing the potential misuse of vulnerability reports by state-linked groups. The trend highlights a shift from phishing to vulnerability exploitation.
China is increasingly suspected of involving 'white hat' hackers—traditionally tasked with identifying cybersecurity weaknesses—in cyberattacks. A report by Nikkei Asia suggests that China is boosting its offensive capabilities by tapping into its top private hackers. Since mandatory vulnerability reporting to the Chinese government began in 2021, attacks with suspected Chinese involvement have risen sharply.
White hats, who typically work for security firms or as freelancers, hunt for bugs, report them, and get compensated. Nikkei Asia noted that developers then issue patches and instruct users to install them. In September 2021, concerns were raised in Europe and the US about vulnerabilities being exploited before patches could be applied.
Later that year, China's Ministry of Information and Technology suspended Alibaba Group Holding's cloud computing operations from a cybersecurity partnership for six months for failing to report issues. Nikkei Asia, in collaboration with cybersecurity firm Trend Micro, gathered data on 222 software vulnerabilities that hacker groups linked to the Chinese government exploited to infiltrate networks.
Katsuyuki Okamoto, a cybersecurity expert at Trend Micro, told Nikkei Asia, 'In the past, the main method of cyberattack was phishing, involving tricking victims into downloading malware via email. Now, vulnerability attacks are mainstream.' A search on OTX, a platform developed by AlienVault for sharing threat intelligence, revealed 1,047 attacks exploiting these vulnerabilities.
Chinese white hats are globally recognized for their bug-hunting expertise. Following the 2021 reporting mandate, there were 16 cases, escalating to 267 in 2022, and nearly doubling to 502 in 2023. The trend persists, with 242 cases reported in the first half of this year. Taiwan-based cybersecurity firm TeamT5 reported that i-Soon hired numerous white hat hackers, with a significant portion of their work reportedly commissioned by Chinese state security.
(With inputs from agencies.)