According to the Cyberspace Administration of China (CAC), a large number of cyberattacks the country has received from US IP addresses are now using compromised resources to target Russia.
In a post on the CAC’s website, the agency wrote:
“Since late February, my country’s internet has been continuously attacked by overseas cyberattacks.
Overseas organizations controlled computers in China through attacks, and then carried out cyberattacks on Russia, Ukraine, and Belarus.
After analysis, these attack addresses are mainly from the United States.”
The agency claims that more than 10 attack addresses originate from New York alone and the peak attack traffic reaches 36Gbps.
87 percent of the attacks target Russia, suggesting the attackers are sympathetic to Ukraine defending itself against the invasion from its neighbour.
“A small number” of attacks have targeted addresses in countries like Germany and the Netherlands. Those attackers could support Russia’s invasion and are targeting countries that have supported Ukraine with humanitarian aid, defensive military resources, and taken in a large number of refugees from the crisis.
Despite international calls to denounce Russia’s invasion of Ukraine, China has neither publicly supported nor opposed it.
However, the fact that China – normally quick to take Russia’s side – is taking such a neutral position speaks volumes that it’s concerned about its international reputation and getting dragged into the kind of sanctions that have isolated Russia in global trade, led an increasing number of companies to exit the country or limit their services, and hampered its access to vital parts and technologies.
As Putin’s regime takes more extreme actions in Ukraine and gets investigated for additional war crimes, it seems likely that Beijing will distance itself from Moscow. Already we’re seeing headlines in Chinese state media gradually shifting in language towards opposing Russia’s invasion as it becomes more bloody and desperate.
It’s possible the cyber attackers detected by the CAC are using US IP addresses in a bid to stoke historic East-West tensions and put Beijing more firmly in Moscow’s corner.
Most of the IP addresses listed by the CAC are hosted at US carriers and the 36Gbps traffic – pretty low by today’s standards of 2.4Tbps attacks – indicates the attackers either didn’t really want to do any serious damage to their targets or have yet to reach the big hacker leagues.
Want to learn more about cybersecurity from industry leaders? Check out Cyber Security & Cloud Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.