Exclusive: Hackers behind cyberattack on Wuhan Earthquake Monitoring Center aim at stealing geological data: top cybersecurity expert
Published: Aug 02, 2023 10:33 PM Updated: Aug 02, 2023 10:40 PM
cyber attack Photo:VCG


The Wuhan Earthquake Monitoring Center recently suffered a cyberattack launched by an overseas organization. Zhou Hongyi, co-founder of 360 Security Technology, told the Global Times in an exclusive interview that the purpose of the cyberattack was to steal geological data, noting that the response of certain Chinese organizations or institutes in facing up to national-level cyberattacks is of great significance and deserves recognition.

Experts warned that, in the complex international environment, cyber warfare is increasingly being used by countries or hostile forces as a "weapon" to attack other countries, as security threats in cyberspace are more lethal and destructive. They urged the adoption of efficient measures such as establishing a comprehensive database of security incidents across the network and using AI tech to enhance the level of automation and intelligence.

An exclusive report the Global Times published on July 26 revealed that the Wuhan Earthquake Monitoring Center, under the Wuhan Municipal Emergency Management Bureau, found that some network devices for seismic early warning data collection at the front-end stations had been implanted with backdoor programs. Local public security authorities launched an investigation, and preliminary evidence suggests the cyberattack was initiated by hacker groups and lawbreakers with governmental backgrounds from outside the country.

Zhou said that both Northwestern Polytechnical University (NWPU), which suffered a cyberattack from outside the country in June 2022, and Wuhan Municipal Emergency Management Bureau, have repelled these national-level cyberattacks, which have created important opportunities for detecting and preventing large-scale national-level cyberattacks. This is of great significance and deserves recognition.

After the cyberattack on Wuhan Earthquake Monitoring Center, experts from the National Computer Virus Emergency Response Center (CVERC) and internet security company 360 arrived in Wuhan to investigate. Preliminary evidence suggests that the purpose of the cyberattack was to steal geological data. "Geological information is closely related to battlefield terrain, and once stolen and associated with military activities, it will have severe consequences," Zhou said.

Both NWPU and the Wuhan center have proactively issued public statements stating that they have been subjected to cyberattacks initiated from overseas and have reported the incidents to the public security bureau. 

This active response deserves "high recognition," Zhou said. Responding to national-level Advanced Persistent Threat (APT) attacks requires the collaboration of multiple parties, including the government, enterprises, internet security companies, and organizations, to form a strong collective force. In reality, however, many of the units involved are afraid to take responsibility, which leads to significant resistance in APT investigations. This results in incomplete and inadequate analysis in APT investigations, which is extremely detrimental to the country's response to APT attacks, according to Zhou.

They resisted the national-level cyberattacks, which has created important opportunities for us to detect and prevent large-scale national-level cyberattacks. Fully exposing cyberattacks from overseas is of great significance for safeguarding the national interests of our own cyberspace, as well as for ensuring peace and security in global cyberspace, Zhou noted.

Units that are afraid to take responsibility will bring obstacles such as "difficult access," leading to the loss of crucial evidence for APT attack analysis.

'Invisible' challenge

National-level APT organizations often target Chinese government institutions, leading companies in certain industries, universities, medical institutions and research organizations to launch cyberattacks, aiming to steal data, intelligence, and cause damage. Their biggest challenge is being "invisible," according to the top cybersecurity expert.

Cyberspace is evolving into the main battlefield for international rivalry, especially in the Russia-Ukraine conflict. What has happened in the Russia-Ukraine conflict is a reminder for China to enhance its cyber defense, as cyberattacks could lead to power outages and to energy and food supplies being cut, experts have noted.

Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data security, the Global Times learned from a Beijing-based cybersecurity lab in February. 

Currently, the international situation is complex and turbulent, accompanied by the intensification of great power games. The militarization of cyberspace is accelerating, and cyber warfare is increasingly being used by countries or forces as a "weapon" to attack other countries. The security threats in cyberspace are more lethal and destructive, Zhou said. 

In the years of tracking and researching cyber warfare, we have found that unlike other modes of warfare, cyber warfare does not distinguish between wartime and peacetime. Attacks can be launched at any time, and it has become the preferred choice for warfare due to its low cost, effectiveness, controllable intensity, and the difficulty of identifying the attacker for counterattacks, Zhou noted.

Building security defense system

Zhou warned that, faced with powerful attacks but ineffective methods, we need to build a secure big data infrastructure and establish a comprehensive database of security incidents across the network to help users defend against threats and attacks.

Secure big data, intelligence and knowledge are the foundation and key to identify and capture traces of cyberattacks. The government and enterprises need to establish a dynamic database of security incidents across the network to "see" threats to the industry with a broader perspective and understand the overall security situation. Among these, endpoint data is particularly important as 80 percent of APT attacks target the endpoint environment. Endpoints are the eyes that can see the threats, according to the expert.

From quantum encryption technology and big data anti-fraud systems to methods of identifying AI-enabled forgeries, cutting-edge technologies were showcased at a cybersecurity-themed expo held in Hefei, Anhui Province, as part of the 2022 China Cybersecurity Week, demonstrating China's unremitting efforts to strengthen cybersecurity.

A report released by the China Internet Network Information Center in August 2022 showed that 63.2 percent of China's internet users said in June that they had not encountered cybersecurity problems in the past six months, up 1.3 percentage points from December 2021.

In recent years, China has also accelerated the building of legal protection in cybersecurity by issuing a national strategy on cyberspace security and promulgating a series of laws and regulations, including a data security law and a personal information protection law.