Chinese hackers are skilled enough to mount Stuxnet-level cyber attacks on critical infrastructure, and are stealing reams of data from US firms and governments departments, the US Department of Defense has warned.
The department claimed that analysis of attacks on its networks show Chinese hackers are more skilled than commonly believed, in its Military and Security Developments Involving the People's Republic of China 2013 report to Congress on Monday.
The report said: "In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military."
The report revealed that to date the attacks have mainly been designed for cyber espionage. The department said that while espionage is an issue, the attacks are doubly concerning as they show that the hackers are skilled enough to create more dangerous sabotage tools on the same level as Stuxnet.
"Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks," said the report.
"Cyber warfare capabilities could serve Chinese military operations in three key areas. First and foremost, they allow data collection for intelligence and computer network attack purposes. Second, they can be employed to constrain an adversary's actions or slow response time by targeting network-based logistics, communications, and commercial activities.
"Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict. Developing cyber capabilities for warfare is consistent with authoritative PLA [People's Liberation Army] military writings."
Stuxnet is a notorious malware that was discovered targeting Iranian nuclear systems in 2011. The malware was atypical as it was designed to physically sabotage the infected power plants. The report said that the data already taken could also be used to help Chinese companies get an unfair edge on their western competitors.
"These intrusions were focused on exfiltrating information. China is using its computer network exploitation (CNE) capability to support intelligence collection against the US diplomatic, economic, and defense industrial base sectors that support US national defense programs," read the report.
"The information targeted could potentially be used to benefit China's defense industry, high-technology industries, policymaker interest in US leadership thinking on key China issues, and military planners building a picture of US defense networks, logistics, and related military capabilities that could be exploited during a crisis."
The Department of Defense is one of many US bodies that has accused China of mounting ongoing cyber attacks against its networks. The two governments have had a growing war of words over alleged state-sponsored cyber attacks over the last few years.
The war of words reached pandemic heights earlier this year when security firm Mandiant reported linking a sophisticated cyber espionage campaign to a Chinese military unit. More recently, Verizon claimed that a massive 96 percent of the known espionage attacks targeting its networks stemmed from China.
China has consistently denied the allegations, claiming that cyber security is a global issue that affects all governments. At the time of publishing, the Chinese London Embassy had not responded to V3's request for comment on the Department of Defense's report.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all