The Risks of China-based Technology
The rise of Chinese technology companies has been a significant global phenomenon over the past decade. Companies like Huawei, ZTE, and Tencent have become household names worldwide, thanks to their innovative and affordable products. However, the growth of Chinese technology firms has also raised concerns about their potential security risks. In this blog post, we will explore how Chinese technology poses a security risk out of the box.
One of the main concerns about Chinese technology is its potential to be used for espionage. Many Chinese tech companies have ties to the Chinese government and military, which has led some experts to worry that their products could contain hidden backdoors or other vulnerabilities that could be exploited by the Chinese government. For example, in 2018, the US government banned the use of Huawei and ZTE equipment in government networks due to concerns about their security.
In 2010, the U.S. Department of Defense found that thousands of devices that it used in the military computer networks were sending data to China. They were doing this from code that was hidden in the microchips that ran when the computer was turned on.
In 2014, China was also found to have hacked into Intel, one of the main computer processors manufactures in the world. They were hacked by a downloading a seemingly legitimate update from a vender’s website. Unknown to the employees at Intel, the vendor had been compromised and was serving up malicious updates.
Chinese technology companies have also been accused of stealing intellectual property and trade secrets from foreign companies. In 2018, the US Department of Justice charged several Chinese tech companies, including Huawei and ZTE, with stealing trade secrets from US companies. This kind of theft could give Chinese companies a competitive advantage in the global marketplace, which could harm the economic interests of other countries.
Even more recently, a lot of discussion has been had about the TikTok app on government devices. The largest concern is the information the app collects and where it sends it. TikTok is owned by a Chinese company ByteDance and is known to work directly with the Chinese government. The app itself has been shown collect about the same amount of user data as Facebook or similar but it sending that data to China based servers is what concerns people.
The threat of out of the box compromise from Chinese technology manufactures is a very real and very pressing matter. It shows the importance of fully understanding the technology that you download and bring into your personal business network.
There are many cyber groups based in China that are known for their activities, including state-sponsored hacking groups and criminal organizations. Here are some of the most well-known:
APT10: Also known as Stone Panda, this is a Chinese state-sponsored hacking group that has been active since at least 2009. APT10 is known for targeting a variety of industries, including technology, aerospace, and healthcare.
APT41: This is a Chinese state-sponsored group that has been active since at least 2012. APT41 is known for targeting video game companies and stealing intellectual property, as well as carrying out espionage and other types of cyber attacks.
Comment Crew: This is another Chinese state-sponsored group that has been active since at least 2006. Comment Crew is known for carrying out cyber espionage and stealing sensitive information from government agencies, defense contractors, and other organizations.
Darkhotel: This is a Chinese hacking group that has been active since at least 2007. Darkhotel is known for targeting high-level executives in the hospitality industry and stealing sensitive information, such as business plans and customer data.
APT3: Also known as Gothic Panda, this is a Chinese state-sponsored group that has been active since at least 2010. APT3 is known for targeting technology and defense companies, as well as carrying out cyber espionage.
It's important to note that not all cyber attacks originating from China are necessarily carried out by state-sponsored groups. There are also many criminal organizations in China that carry out cyber attacks for financial gain.