China identifies malicious websites, IP addresses used by foreign hacker organizations
FM urges US to stop using cybersecurity to vilify China
Published: Jan 06, 2025 11:24 PM
Cyber security  Photo: VCG

A number of foreign hacker organizations have been utilizing malicious websites and overseas IP addresses to execute cyberattacks targeting China and other nations, according to China's national cybersecurity and information security notification center on Monday. 

These malicious websites and IPs are linked to specific Trojan programs or their control endpoints. The types of cyberattacks include establishing botnets, phishing, stealing trade secrets and intellectual property, and infringing on citizens' personal information, presenting a serious risk to domestic networks and internet users in China, the center said in a statement. Some of these activities are suspected to constitute criminal offenses, the center noted.

The revelation of this batch of cyberattacks is just the tip of the iceberg, as such incidents have become increasingly common in our digital world. These attacks often target critical information infrastructure, Qin An, deputy director of the expert committee on counter-terrorism and cyber security governance at the China Society of Police Law, told the Global Times on Monday.

The locations of the relevant malicious websites and IPs mainly involve the US, the Netherlands, Singapore, Turkey, Mexico, Vietnam, and others, according to the center.

Of the 10 listed malicious websites and IP addresses, two were traced to the US. 

The malicious address gael2024.kozow.com, associated with the IP address 149.28.98.229 located in Miami, Florida, is linked to a family of backdoor viruses known as AsyncRAT, according to the statement by the center. 

The backdoor programs are able to carry out screen monitoring, keystroke logging, password retrieval, file theft, process management, camera control and interactive shell access. They can also visit specific URLs. 

These viruses can spread through various means, such as removable storage devices and phishing emails. Several related variants have been identified, some of which specifically target critical interconnected systems in the public welfare sector within China, the center said. 
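The statement's value to a network defender lies in the two indicators it names: the domain gael2024.kozow.com and the IP address 149.28.98.229. The following Python script is an added example, not code from the center or from the Global Times; it loads those two indicators and scans DNS-resolver and firewall log lines for them, treating a subdomain of the listed domain as a match as well. The log lines are constructed for the example and do not come from any real host.

```python
import ipaddress
import re

# Indicators as named in the center's statement reported above.
IOC_DOMAINS = {"gael2024.kozow.com"}
IOC_IPS = {"149.28.98.229"}

# Constructed DNS-resolver and firewall log lines (not real traffic).
SAMPLE_LOGS = [
    "2025-01-06T10:01:02Z dns client=10.0.0.15 query=gael2024.kozow.com type=A",
    "2025-01-06T10:01:03Z fw src=10.0.0.15 dst=149.28.98.229 dport=443 action=allow",
    "2025-01-06T10:02:10Z dns client=10.0.0.22 query=update.example.org type=A",
    "2025-01-06T10:03:44Z dns client=10.0.0.31 query=beacon.gael2024.kozow.com type=A",
    "2025-01-06T10:04:00Z fw src=10.0.0.40 dst=149.28.98.2 dport=80 action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split a '<ts> <source> key=value ...' log line into a dict."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    fields = dict(KV_RE.findall(parts[2]))
    fields["ts"] = parts[0]
    fields["source"] = parts[1]
    return fields


def domain_matches(name, ioc_domains):
    """True if name equals an indicator or is a subdomain of one (beacon.<ioc>)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in ioc_domains)


def ip_matches(addr, ioc_ips):
    """Exact match on a parsed address; 149.28.98.2 must not match 149.28.98.229."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return str(ip) in ioc_ips


def scan_logs(lines, ioc_domains=IOC_DOMAINS, ioc_ips=IOC_IPS):
    """Return (timestamp, internal host, indicator type, indicator) for each hit."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if not f:
            continue
        if "query" in f and domain_matches(f["query"], ioc_domains):
            hits.append((f["ts"], f.get("client"), "domain", f["query"]))
        for key in ("dst", "src"):
            if key in f and ip_matches(f[key], ioc_ips):
                peer = f.get("src") if key == "dst" else f.get("dst")
                hits.append((f["ts"], peer, "ip", f[key]))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
```

The subdomain rule matters because a dynamic-DNS host is often contacted via labels under the listed name; the exact IP comparison matters because a prefix match on the string would pull in unrelated hosts on the same /24.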

Another malicious address located in Los Angeles is linked to multiple samples of the RemCos virus family. RemCos, a remote management tool that has been in existence since 2016, allows attackers to exploit backdoor access on infected systems to gather sensitive information and exert remote control, according to the statement. 

The latest version of RemCos is capable of executing a range of malicious activities, including keylogging, taking screenshots and stealing passwords, it added. 

These tactics, such as Trojan horses, hacking, ransomware and phishing, are some of the conventional methods the US uses to target a wide range of countries. China is among the victims of these cyberattacks, Li Baiyang, an associate professor of intelligence studies with Nanjing University, told the Global Times on Monday. 

In 2022, the email system of Northwestern Polytechnical University (NPU) in Northwest China's Shaanxi Province - well-known for its aviation, aerospace and navigation studies - was found to have been attacked by the US' National Security Agency (NSA), the Global Times learned from a source.

Of the 10 malicious addresses, three were traced back to the Netherlands. The center said it detected a type of Linux botnet virus that spreads through methods such as network downloads, exploiting vulnerabilities and brute-force attacks via Telnet and SSH. Once it successfully infiltrates a target network system, it can launch distributed denial-of-service (DDoS) attacks. 
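Of the three spreading methods the center lists for the Linux botnet, brute-force logins over SSH leave the clearest trace on the victim: a burst of failed authentications from one source, sometimes followed by a successful login. The Python script below is an added example, not code from the center or from the Global Times; it applies a sliding-window threshold to sshd lines in syslog format and raises a second, higher-priority alert when a source that crossed the threshold then authenticates successfully. The log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines in syslog format (not from any real host).
SAMPLE_AUTH_LOG = [
    "Jan  6 10:00:01 host1 sshd[2231]: Failed password for root from 203.0.113.7 port 50011 ssh2",
    "Jan  6 10:00:03 host1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 50012 ssh2",
    "Jan  6 10:00:04 host1 sshd[2235]: Failed password for root from 203.0.113.7 port 50013 ssh2",
    "Jan  6 10:00:06 host1 sshd[2237]: Failed password for root from 203.0.113.7 port 50014 ssh2",
    "Jan  6 10:00:07 host1 sshd[2239]: Failed password for root from 203.0.113.7 port 50015 ssh2",
    "Jan  6 10:00:09 host1 sshd[2241]: Accepted password for root from 203.0.113.7 port 50016 ssh2",
    "Jan  6 10:00:15 host1 sshd[2250]: Failed password for alice from 198.51.100.9 port 40001 ssh2",
    "Jan  6 10:00:20 host1 sshd[2252]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_ts(ts, year=2025):
    """Syslog timestamps carry no year; the caller supplies it (assumed 2025 here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return alerts as (ip, kind, detail).

    kind is 'bruteforce' the first time a source reaches `threshold` failed
    logins inside a `window_seconds` sliding window, and
    'success_after_bruteforce' when such a source later gets an Accepted login.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = parse_ts(m["ts"])
        ip = m["ip"]
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            # Drop failures that fell out of the window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bruteforce", f"{len(q)} failures in {window_seconds}s"))
        elif ip in flagged:
            alerts.append((ip, "success_after_bruteforce", f"{m['method']} login as {m['user']}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

A single failure from a legitimate user (198.51.100.9 above) never reaches the threshold, so its later key-based login produces no alert; the same logic applies unchanged to Telnet daemons that log failed logins per source.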

Two malicious addresses were identified from Singapore. Multiple samples of the Farfli virus family were detected. Farfli is a remote-control Trojan that can spread through various methods, including network downloads, software bundling and phishing. 

Ensuring cybersecurity is a global challenge. China is a major victim of cyberattacks and has always opposed and fought various types of cyberattacks in accordance with the law, experts said. 

Relentless smears

Recently, the US has ramped up smears against China on cybersecurity issues. 

The US Department of the Treasury sanctioned a Beijing-based cybersecurity company on Friday, claiming it helped Chinese hackers infiltrate US telecommunications systems and conduct surveillance.

Chinese Foreign Ministry spokesperson Guo Jiakun said on Monday that on the so-called issue of cyberattacks, China has made clear our position more than once. China has all along firmly opposed hacking and fights it in accordance with law.

China urged the US to stop using the issue of cybersecurity to vilify and smear China. For quite some time, the US has been trumpeting so-called "Chinese hacking" and even using it to impose illegal and unilateral sanctions on China, Guo said. 

China firmly rejects this and will do what is necessary to safeguard our lawful rights and interests, Guo noted. 

In a Saturday report titled "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons," the Wall Street Journal sensationally accused Chinese hackers of being able to "shut down dozens of US ports, power grids and other infrastructure targets at will." 

The US has long propagated a series of unfounded accusations against China, and cybersecurity has recently become a focus. The US sees cyberspace as a crucial dimension in its overall competition with China; therefore it seeks to preserve its hegemony in this regard and cannot accept China's development, Li noted.

Hyping so-called cybersecurity threat from China would also benefit certain US governmental agencies which want to secure more funding, Li said.

Some think tanks and firms in the sectors of artificial intelligence, big data, and cloud computing also favor such a narrative to get projects from the US government, he further explained.