The Wuhan Earthquake Monitoring Center in China has been hit by a cyber-incident perpetrated by a hacker group with an “overseas government background.”
The Global Times newspaper, owned by the Chinese Communist Party, reported on July 26 that the Wuhan Municipal Emergency Management Bureau revealed that the Monitoring Center had been subjected to a cyber-attack by an “overseas organization.”
In its statement on Wednesday July 26, the Bureau said the public safety center immediately sealed off affected equipment and reported the attack to the authorities, according to the Global Times.
The newspaper claimed that “preliminary evidence suggests that the government-backed cyber-attack on the center came from the US.” It said that a Trojan horse program originating from abroad had been discovered at the Wuhan Earthquake Monitoring Center, as confirmed by the Jianghan sub-bureau – a public security bureau.
In a press conference on July 26, Chinese Foreign Ministry Spokesperson Mao Ning condemned the attack, and commented that “the US government is engaged in malicious cyber operations against not just China but countries around the world.”
However, when asked whether the US had directly carried out the attack, she said, “a hacker group with overseas government background.”
Ning also accused the US of “politicizing and weaponizing cybersecurity issues,” and said the White House’s actions are hampering global efforts to tackle cybercrime.
Growing Tensions
The news comes amid growing tensions between the US and China, which have reportedly spilled into the cyber realm.
In July 2023, Microsoft revealed that it had discovered a Chinese espionage campaign that compromised at least 25 organizations, including the US government. This shortly followed a joint advisory from government cybersecurity agencies from the US, Australia, Canada, New Zealand and the UK in May 2023 that warned about Chinese cyber activity targeting critical national infrastructure networks in the US.
The Chinese government has also previously expressed concerns about US cyber activity in its country, issuing a ban against products sold by US chipmaker giant Micron on cybersecurity grounds.
Speaking to Infosecurity, Ian Thornton-Trump, CISO for Cyjax, expressed skepticism that the US would have been behind this attack, believing it is more likely the perpetrator is an independent actor or hacktivist “possibly sympathetic to the current tensions with Taiwan.”
He noted: “Firstly, even if the origin of the attack came from several US-based autonomous system numbers (ASNs), it’s not likely any credible US Government or US-contracted APT group would use an IP address attributable to the country of where the attack originated from – proxies and VPNs would be a likely tactic and the attack would have been to try and conduct espionage from say an IP address located in India.”
Thornton-Trump also questioned what the US government would gain by targeting a public safety service like the Wuhan Earthquake Monitoring Center – particularly as it would mean losing the “moral high ground of your cyber operations.”