US Conducts Cyberattacks Against Major Chinese Commercial Encryption Provider- Report

Experts described the incident as the latest example of US cyber operations targeting China’s critical infrastructure.
Experts warned that commercial encryption systems underpin everyday activities such as financial transactions. They told the Global Times on Monday that attacks on Chinese encryption products could severely compromise national cybersecurity.

The report detailed that throughout 2024, US intelligence agencies exploited a vulnerability in a customer relationship management (CRM) system used by the Chinese company to launch the intrusion.

The CRM system stores customer and contract information. The attackers targeted the system through an undisclosed vulnerability, achieving arbitrary files upload. After gaining access, they deleted certain log records to cover their tracks.

The attack was methodically executed. On March 5, 2024, a specialized Trojan horse program was implanted into the CRM system. By May 20, the attackers expanded their operations, and conducted lateral movement to infiltrate the company’s product and project code management systems.

The report disclosed that a substantial volume of commercial secrets, including customer, contract and project information, was stolen. Between March and September 2024, attackers accessed the CRM system using 14 overseas proxy IP addresses, stealing approximately 950MB of data. The compromised system contained over 600 user accounts, 8,000 customer profile records, and more than 10,000 contract orders, some involving key Chinese government entities.

The stolen details included contract names, procurement content and transaction amounts. Separately, from May to July 2024, attackers used three overseas proxies to infiltrate the company’s code management system, stealing an additional 6.2GB of data. The code management system contained information including codes from three major encryption development projects.

Sources familar with the matter indicated that the stolen procurement and code information from multiple Chinese government agencies could allow US intelligence agencies to uncover vulnerabilities in China’s domestically developed encryption products. There are also concerns that the stolen source codes could be tampered with, potentially embedding malicious programs to facilitate future espionage through supply chains, ultimately threatening the security of China’s critical information infrastructure.

Li Baisong, deputy director of the technical committee of Antiy Technology Group, told the Global Times on Monday that commercial encryption products serve vital functions in areas such as telecommunications, energy, finance and transportation.

Li recalled historical precedents, such as during the conflict between the UK and Argentina, Argentina’s encrypted communications were compromised by US intelligence agencies and shared with the UK, underscoring the serious consequences when encryption systems are breached. Although commercial encryption products are not directly responsible for safeguarding national secrets, its integral role in critical infrastructure means that any compromise can pose significant risks.

Li further analyzed that commercial encryption products form the backbone of information security systems, often employing national standard algorithms and rigorous protocols. Breaking these systems typically requires immense computational power and prolonged timeframes. To undermine other nations’ cryptographic capabilities, US intelligence has historically used strategies like weakening encryption standards, gaining commercial control over vendors, and, more aggressively, direct cyber intrusions to steal or manipulate development processes.

Li concluded that although China has made significant strides in enhancing the security of its domestic hardware and software, facing US cyberattacks, intensified efforts are needed.