[#] Chinese Companies Now Authorized to Conduct Foreign Cyberattacks, Sell Access to Government
robot(spnet, 1) — All
2025-07-20 04:22:01


"The U.S. is absolutely facing the most serious Chinese hacking ever." That's what the Washington Post was told by a China-focused consultant at security company SentinelOne:

Undeterred by recent indictments alleging widespread cyberespionage against American agencies, journalists and infrastructure targets, Chinese hackers are hitting a wider range of targets and battling harder to stay inside once detected, seven current and former U.S. officials said in interviews. Hacks from suspected Chinese government actors detected by the security firm CrowdStrike more than doubled from 2023 to more than 330 last year and continued to climb as the new administration took over, the company said... Although the various Chinese hacking campaigns seem to be led by different government agencies and have different goals, all benefit from new techniques and from Beijing's introduction of a less constrained system for cyber offense, the officials and outside researchers told The Washington Post... Chinese intelligence, military and security agencies previously selected targets and tasked their own employees with breaking in, they said. But the Chinese government decided to take a more aggressive approach by allowing private industry to conduct cyberattacks and hacking campaigns on their own, U.S. officials said.

The companies are recruiting top hackers who discover previously unknown, or "zero-day," flaws in software widely used in the United States. Then the companies search for where the vulnerable programs are installed, hack a great many of them at once, and then sell access to multiple Chinese government customers and other security companies. That hacking-for-hire approach creates hundreds of U.S. victims instead of a few, making it hard to block attacks and to decide which were China's key targets and which were unintentionally caught in the hacks, an FBI official said, speaking on the condition of anonymity to follow agency practices... "The result of that incentive structure is that there is significantly more hacking...."

China has mastered the ability to move undetected through networks of compromised U.S. devices, so that the final connection to a target appears to be an ordinary domestic connection. That makes it easy to get around technology that blocks overseas links and puts it outside the purview of the National Security Agency, which by law must avoid scrutinizing most domestic transmissions. Beijing is increasingly focused on hacking software and security vendors that provide access to many customers at once, the FBI official said. Once access is obtained, the hackers typically add new email and collaboration accounts that look legitimate... Beyond the increased government collaboration with China's private security sector is occasional collaborating with criminal groups, said Ken Dunham, an analyst at the security firm Qualys.
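The two detection opportunities in that passage are the ones a defender actually controls: the attackers' final hop looks domestic, so geolocation-based blocking does not help, but the accounts they add after gaining access still show up in the directory audit trail. The following Python script is an added illustration, not code from the Post's reporting, the Slashdot summary, or any vendor named above. It runs over a constructed JSON-lines audit log (the event fields, account names and IP addresses are all invented for the example) and flags three things: an account created by an identity that is not an approved provisioning identity, an account created from an IP the creating identity first used less than a day earlier, and a newly created account that takes a privileged action within a day of its own creation. It deliberately keys the IP rule on "new to this actor" rather than "foreign", because of the relay behaviour the passage describes.

```python
"""Flag suspicious account provisioning in a directory audit log.

Added example. The log format below is a constructed, generic JSON-lines
export; the field names, accounts and IPs are assumptions, not a real
tenant's data or any vendor's schema.
"""
import json
from datetime import datetime, timedelta

# Constructed sample: one HR-sync identity, one IT admin that is later used
# from a never-before-seen address to create a "collaboration" account, which
# then escalates and creates a second account.
SAMPLE_LOG = """
{"ts":"2025-07-01T08:00:00Z","actor":"it-admin","action":"SignIn","target":"it-admin","ip":"10.0.4.20"}
{"ts":"2025-07-10T09:12:00Z","actor":"hr-sync","action":"UserCreated","target":"j.doe","ip":"10.0.4.7"}
{"ts":"2025-07-15T03:41:10Z","actor":"it-admin","action":"SignIn","target":"it-admin","ip":"203.0.113.9"}
{"ts":"2025-07-15T03:44:02Z","actor":"it-admin","action":"UserCreated","target":"svc-collab-01","ip":"203.0.113.9"}
{"ts":"2025-07-15T04:02:30Z","actor":"svc-collab-01","action":"RoleAssigned","target":"svc-collab-01","ip":"203.0.113.9"}
{"ts":"2025-07-15T04:05:00Z","actor":"svc-collab-01","action":"UserCreated","target":"svc-collab-02","ip":"203.0.113.9"}
{"ts":"2025-07-16T10:00:00Z","actor":"hr-sync","action":"UserCreated","target":"a.smith","ip":"10.0.4.7"}
"""

CREATE_ACTIONS = {"UserCreated"}
# Actions a freshly created account has no business performing right away.
PRIVILEGED_ACTIONS = {"RoleAssigned", "MailboxRuleCreated", "AppConsentGranted", "UserCreated"}
# Identities allowed to create accounts (assumed allowlist for the example).
KNOWN_PROVISIONERS = {"hr-sync", "it-admin"}


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines into events with timezone-aware timestamps, oldest first."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_suspicious_provisioning(events: list[dict], known_provisioners: set[str],
                                 window: timedelta = timedelta(hours=24)) -> list[dict]:
    """Return findings as dicts with keys rule, account, action, detail."""
    findings = []
    first_seen: dict[str, dict[str, datetime]] = {}  # actor -> {ip: first use}
    created_at: dict[str, datetime] = {}             # account -> creation time
    for e in events:
        ts, actor, action, target, ip = e["ts"], e["actor"], e["action"], e["target"], e["ip"]
        ips = first_seen.setdefault(actor, {})
        ips.setdefault(ip, ts)

        if action in CREATE_ACTIONS:
            created_at[target] = ts
            if actor not in known_provisioners:
                findings.append({"rule": "unknown-provisioner", "account": target, "action": action,
                                 "detail": f"created by {actor}, not an approved provisioning identity"})
            # Only judge "new IP" once the actor has an established history older
            # than the window; a brand-new actor has no baseline to compare against.
            has_baseline = any(ts - t > window for t in ips.values())
            if has_baseline and ts - ips[ip] <= window:
                findings.append({"rule": "new-ip-provisioning", "account": target, "action": action,
                                 "detail": f"{actor} created it from {ip}, first used {ts - ips[ip]} earlier"})

        if actor in created_at and action in PRIVILEGED_ACTIONS and ts - created_at[actor] <= window:
            findings.append({"rule": "privileged-after-creation", "account": actor, "action": action,
                             "detail": f"{action} on {target} only {ts - created_at[actor]} after creation"})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_provisioning(parse_events(SAMPLE_LOG), KNOWN_PROVISIONERS):
        print(f"[{f['rule']}] {f['account']}: {f['detail']}")
```

On the sample log the script reports four findings, all about the svc-collab-01 / svc-collab-02 chain, and stays silent on the routine HR-sync creations. The 24-hour window and the allowlist are tuning knobs; the useful property is that none of the rules asks where an IP is, only whether this identity has used it before, which is the question that still has an answer when the last hop is a compromised domestic device.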

The article notes that China's penetration of U.S. telecom carriers "is still not fully contained, according to the current and former officials." But in addition, the group behind that attack "has more recently shown up inside core communications infrastructure in Europe, according to John Carlin, a former top national security official in the Justice Department who represents some U.S. victims of the group." And documents leaked last year from a security contractor that works with the Chinese military and other government groups "described contracts and targets in 20 countries, with booty including Indian immigration data, logs of calls in South Korea, and detailed information on roads in Taiwan. It also detailed prices for some services, such as $25,000 for promised remote access to an iPhone, payment disputes with government customers and employee gripes about long hours..."

[ Read more of this story ]( https://it.slashdot.org/story/25/07/19/0659227/chinese-companies-now-authorized-to-conduct-foreign-cyberattacks-sell-access-to-government?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.