China blames US intelligence agencies for cyber attack in Wuhan



China has reiterated claims that last month’s cybersecurity attack on a Wuhan facility was the work of American intelligence agencies, pointing to a “very complex” malware used in the incident.

The Wuhan Earthquake Monitoring Center on July 26 was reported to be the victim of an attack that appeared to originate from government-backed hackers in America. The allegations state the attack targeted network equipment that collected seismic intensity data, which measured the magnitude of earthquakes and contained information concerning national security, according to the Wuhan Municipal Emergency Management Bureau. Information on military defense facilities, for example, is taken into account in determining seismic intensity.

In the weeks following the attack, investigations have uncovered “malicious backdoor software that exhibits characteristics of American intelligence agencies”, according to a report Monday by state-owned media Global Times. Investigations were conducted jointly by China’s National Computer Virus Emergency Response Center (CVERC) and local cybersecurity vendor 360.

CVERC’s senior engineer Du Zhenhua said in the report that the country collects data to better monitor and detect geological disasters and provide early warning. Such data can offer valuable insights into military intelligence, he said.

Chinese officials suggest that accessing relevant data from seismic monitoring centers can enable hackers to estimate underground structures of a specific area and assess if it is a military base. This data will prove useful to foreign military intelligence agencies, such as the United States Department of Defense.

Du added that cybersecurity attacks could damage monitoring systems, rendering them ineffective in giving accurate data in the event of an earthquake, or could lead to them triggering false alarms. These issues could fuel social panic and lead to serious consequences, he said.

Remote sensing and telemetry systems — and the data they contain — are critical national resources that must be given priority protection, said Xiao Xinguang, who is a member of the National Committee of the Chinese People’s Political Consultative Conference, and also chief software architect of local antivirus vendor Antiy Labs.

The report pointed to Prism and WikiLeaks as documented examples of the American government’s surveillance of other foreign leaders, including allies.

ZDNET emailed both the US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) seeking their responses on several questions, including on China’s latest allegations, whether the Chinese government had been in touch regarding its findings on the Wuhan cyberattack, and whether America had observed a rise or drop in nation-state attacks from China this year.

A CISA spokesperson did not comment on any of the questions, replying instead with a one-line reference to its advisories and an overview of China’s cyber threat. It has similar landing pages for Russia, North Korea, and Iran. On China, the United States government states: “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

CISA and NSA early this month released a report highlighting the top software vulnerabilities commonly exploited in 2022. These included several flaws previously highlighted in 2021 and used by Chinese state-sponsored cyber actors, according to the August 3 statement released by the American security agencies and their Five Eyes counterparts comprising Australia, New Zealand, Canada, and the United Kingdom.


