
March 7, 2019
Notes from the Pentagon

U.S. hits back against Chinese cyberattacks
American intelligence and military cyberwarriors have begun conducting counter-cyberattacks against Chinese intelligence and military targets, according to a U.S. official.

The counterattacks are part of a new Trump administration policy designed to retaliate for rampant cybertheft of American technology by the Chinese that has caused estimated losses ranging from $200 billion to $600 billion a year. Details of the U.S. cyberoperations were not disclosed, and the activities remain classified.

The hacking is likely to include theft of Chinese advanced military know-how, such as hypersonic missile technology — an area of military research where China is believed to be ahead of the United States. Another possible target would be technology related to China’s anti-ship ballistic missile technology like that deployed in the DF-21D ship-killing missile. Such technology requires maneuvering warheads and special guidance.

One recent reported U.S. operation involved cyberattacks on a Russian troll farm in St. Petersburg on the day of the November midterm elections, The Washington Post reported. The troll farm was linked to the Moscow influence operation against the 2016 presidential election.

Separately, security firms disclosed this week that Chinese military intelligence units have engaged in large-scale targeting of American underwater technology from universities and research institutes to boost Beijing’s naval buildup.

More than two dozen universities in the United States and around the world were targeted as part of an effort by the People’s Liberation Army, the Chinese military, to build up its naval and submarine forces.

iDefense, one security firm, tracked the Chinese cyberattacks to a hacking group known variously as Temp.Periscope, Leviathan or Mudcarp. A second firm, FireEye, calls the hacking group APT40 or Temp.Periscope.

FireEye said the operations appear linked to Chinese activities in the South China Sea, where Beijing has built disputed islands and deployed advanced missiles on them beginning a year ago. The Chinese military hacker unit in charge of that region is the Chengdu-based Unit 78020.

The 27 universities included the University of Hawaii, the University of Washington and the Massachusetts Institute of Technology.

The Chinese were seeking submarine technology linked to the Pentagon’s Sea Dragon that involves the capability of firing anti-ship missiles while under water.

Also targeted was information on how to deploy unmanned aerial vehicles from submarines.

“The actor has conducted operations since at least 2013 in support of China’s naval modernization effort,” FireEye stated in its report. “The group has specifically targeted engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies.”

FireEye noted the seizure by the PLA in December 2016 of a Navy unmanned underwater vehicle (UUV) in the South China Sea. Within a year of the incident, the Chinese military hackers were “masquerading as a UUV manufacturer, and targeting universities engaged in naval research.”

The Chinese maritime-oriented cyberoperations were first reported by The Wall Street Journal.

The commander of U.S. military forces in Europe said this week that Chinese investment in Europe is one of the major worries facing the European Command and NATO.

Army Gen. Curtis Scaparrotti, in testimony to the Senate, said his primary concern is Russia and the building of Russian military forces. However, the four-star general, who serves jointly as NATO commander, was questioned about Chinese efforts to move into the region with both increasing investment and influence.

“I’m concerned personally about the strategic investments that we see by China throughout Europe in air and seaports,” Gen. Scaparrotti told the Senate Armed Services Committee on Tuesday.

NATO officials have discussed how to deal with strategic investments in Europe by China that may affect the alliance, he said.

Gen. Scaparrotti said he also is concerned about maintaining secure communications with the emerging 5G telecommunications technology.

“That’s one of the reasons that when you now go to our allies, that we’ve said they need to be very careful about Chinese investment and their telecommunications capabilities,” he said. “We’re trying to get ahead of that.”

Most of the efforts are diplomatic for now, “but we do try to ensure that we can point out to them not only the economic benefits which China demonstrates and makes sure they are aware of but also the security aspects of their control of seaports, airports, critical key terrain, investment in infrastructure, particularly with technology that’s critical to security,” Gen. Scaparrotti said.

The Danish government recently scuttled a plan by China to build an airport in Greenland over security concerns.

Iceland last year signed a $250 million deal with China to develop geothermal energy.

Gen. Scaparrotti said he was particularly concerned about Chinese encroachment on Arctic regions near Greenland and Iceland, regions that are sensitive lines of communication used by warships and submarines.

“I think we need to watch carefully China’s investment in these ports and, as you know, many of their commercial companies are actually state-owned,” he said. “China is pressing to get into the High North and have some presence there, and so that creates competition.”

Russia also is building in the Arctic in anticipation of a northern sea route that is becoming more accessible.

Moscow has opened 10 airports and has deployed radar systems and periodically “different weapons systems up there for control of the area.”

The Carnegie Endowment for International Peace, a Washington think tank, stated in a report this week that China is seeking to “dominate” southern Europe through strategic and targeted investments.

“China’s deep pockets and generous investments are turning to Southern Europe — the latest target in its influence campaign to establish Chinese business, cultural and diplomatic presence around the world,” said Philippe Le Corre, a Carnegie senior fellow. “Chinese state-owned companies are using their financial leverage to build strongholds in Portugal, Greece and Italy.”

Chinese state-owned energy company China Three Gorges Corp. is now a shareholder in Portugal’s Energias de Portugal SA.

In Greece, the Beijing-owned China Overseas Shipping Group Co. (COSCO) now owns a 67 percent stake in Greece’s largest seaport, Athens’ Piraeus harbor, which will be a commercial hub for China in the Mediterranean.

In Italy, China also purchased tire manufacturer Pirelli and machine-tools maker Cifa.

“There is a strong possibility that Southern Europe might become a zone of strong Chinese influence in the future,” Mr. Le Corre stated.

A Russian government agency reported in January that it detected the maneuvering of U.S. space satellites designed to monitor anti-satellite weapons and other space threats.

Russia’s Astro Space Center, known by its acronym, ANT, has been monitoring high-flying satellites that are part of the Air Force’s new Geosynchronous Space Situational Awareness Program.

The Air Force operates four GSSAP satellites in near-geosynchronous orbit 22,300 miles in space that are used by the Strategic Command as part of its space surveillance operations.

“Space situational awareness” is the military’s term for monitoring space activities that can include anti-satellite missile activities, laser beam strikes, electronic jamming or small maneuvering co-orbital satellites that can be used to attack other satellites.

Two GSSAP satellites were launched in 2014 and another two were launched in 2016.

Russia’s federal news agency quoted ANT as stating that the space monitoring satellites “have recently been showing active movements.”

A Russian automated system that provides warning of dangerous events in near-Earth space “detected numerous movements by all four GSSAP satellites,” the report said.

The satellite movements coincided with the recent launch of a U.S. reconnaissance satellite that private analysts suspect is a new KN-11 optical intelligence satellite.

The activities also followed the reported recent test of a Russian Nudol anti-satellite missile, the report said.

  • Contact Bill Gertz on Twitter via @BillGertz.
