Chinese firm accusing NSA of hacking has global ambitions

0
Placeholder when loading item promotions

For years, the US government and American cybersecurity companies have claimed that China was behind brazen hacks that stole treasure troves of sensitive documents.

Chinese government officials have denied the claims, repeatedly accusing the US of its own cyberespionage without providing any evidence.

That changed in February, when a well-connected Chinese cybersecurity firm went public with an alleged US National Security Agency campaign targeting computers in 45 countries and regions, including China. US officials did not respond to requests for comment at the time.

The disclosure indicated a more aggressive public response from China to foreign hacking attempts. It also highlighted the growing influence of Qi An Xin Technology Group Inc., a Chinese tech company founded in 2014 with ambitions to become a global cybersecurity giant.

The company, whose headquarters are a 10-minute drive from the Forbidden City, was a beneficiary of a three-year plan unveiled last year to grow China’s cybersecurity industry to more than 250 billion yuan ($39.3 billion) by 2023 by raising investments into the sector and tightening of regulation.

Qi An Xin was tasked with managing cybersecurity at Tiananmen Square on the 70th anniversary of the Chinese Communist Party’s rule and overseeing network security for the Beijing Winter Games. In December, Beijing’s municipal government selected Qi An Xin as one of 20 “invisible champions,” an award given to companies that develop technologies critical to China’s national strategy.

“Their talent is undoubtedly one of the top 10 companies in the world,” said Dakota Cary, adviser on China’s cyber capabilities at Krebs Stamos Group. “When there is a problem at the provincial level or even at the central level, when the government needs a response team, Qi An Xin seems to be the right place to go.”

A Qi An Xin representative declined to comment on the story.

According to a study by the International Institute of Strategic Studies last year, China’s cyber industry accounts for less than 7% of the global market, compared to the US’s roughly 40%.

Chinese cybersecurity companies are struggling to expand their business in the private commercial market as awareness of the risks of cyberattacks is low, especially among small and medium-sized businesses, Cary and two other cybersecurity experts said. Public reporting of threats or attacks is rare, so investing in cyber is not considered a critical business cost, according to several analysts with knowledge of China’s cyber industry.

This lack of demand for cyber protection among businesses and individuals partially explains Qi An Xin’s reliance on state clientele, Cary said. According to research firm Dongguan Securities, its contracts with governments, public security agencies, and military customers account for 52% of its revenue in 2019.

Overall, Qi An Xin generated 5.81 billion yuan ($871 million) in revenue in 2021, lagging behind some of the larger western cybersecurity companies. Palo Alto Networks Inc., for example, reported revenue of $4.3 billion in fiscal 2021.

But the company has ambitions to compete globally with US cybersecurity firms and others in the West. Founder Qi Xiangdong told reporters he wanted Qi An Xin to “go out into the world” this year.

According to a report by Avic Securities, the company has some businesses outside of mainland China, including providing cybersecurity services for the overseas operations of Chinese companies and banks in places like Southeast Asia, the Middle East and Africa.

According to Avic analysts, the company also holds contracts to provide cybersecurity infrastructure to governments including in Indonesia, Algeria, Angola and Ethiopia.

China’s cyber industry is still primarily driven by compliance, so its security products are manufactured to meet domestic regulatory requirements that may conflict with requirements outside the country, said Vivien Pua, security industry analyst at market research firm Frost & Sullivan.

In addition, Chinese companies like Qi An Xin are finding it more difficult to gain trust in Western countries, said Niko Yang, a senior analyst at Beijing-based investment research firm EqualOcean. Qi An Xin’s ties to the government may complicate any attempts to appear independent to potential clients abroad, a concern many China-linked cyberservices face.

“For this type of critical infrastructure, it’s difficult for countries to be willing to completely hand things over to others,” he said. “The same goes for China’s domestic cybersecurity — they also won’t hire foreign companies for the most critical security tasks.”

These close ties to the government are undeniable.

Its founder, Qi Xiangdong, 57, worked for 17 years at Xinhua, the national media agency, where he rose to the role of deputy bureau of communications technology. He also serves as a delegate on a political advisory body of the Beijing municipal government.

Company president Wu Yunkun, meanwhile, serves as vice president of a working committee at the China Information Ministry Association, which is overseen by the Ministry of Civil Affairs. Vice President Yang Hongpeng also previously served in Xinhua’s communications department. Board members Meng Yan, Xu Jianjun and Zhao Bingdi have held state-related positions in finance and technology.

In February, a Qi An Xin security team called Pangu Labs — known in China for exploiting vulnerabilities to target Apple Inc’s iOS systems — released a hacker group called “Equation.” According to the researchers, this group is “generally believed” to be associated with the NSA.

Malware was allegedly found in 2013 and 2015 at an unnamed Chinese agency that Pangu Labs claims was part of a 10-year campaign that infiltrated key institutions around the world, according to the report, which was run by the Communist Party-backed Global Times reported.

The alleged spying campaign took place in 2013, and information about the malware had previously surfaced in leaks by former NSA contractor Edward Snowden, meaning other hacking groups may have accessed the code as well. However, according to Cary of the Krebs Stamos Group, the details of the hack were perhaps less significant than the fact that they were made public in the first place.

“There is something in the relationship between Qi An Xin and the government that has allowed them to publish something like this,” he said. “That’s a major reason they have so many contracts.”

Pangu Labs previously told Bloomberg News that it had waited nearly a decade to disclose details about the hack because it was analyzing the data in question.

Chinese cybersecurity firms have rarely directly shared details of foreign attacks.

In March 2020, Qihoo 360 Technology Co. Ltd., co-founded by Qi, accused a group suspected of being linked to the CIA for alleged hacks against China. The US government added Qihoo 360 to its entity list due to national security concerns.

The state-owned China Electronics Corporation acquired a 23% stake in Qi An Xin in 2019, replacing Qihoo 360 as the second largest shareholder behind Qi Xiangdong.

While the NSA’s outing could make Qi An Xin even more popular with the Chinese government, it could complicate its efforts to expand in the West. So could U.S. restrictions on some Chinese tech companies and China’s own reluctance to integrate into the global talent pool, said Greg Austin, an IISS senior fellow on cyber, space and future conflicts.

For more stories like this, visit bloomberg.com

Share.

About Author

Comments are closed.