Google announced earlier this month that Chinese-backed hackers were observed targeting former Vice President Joe Biden's campaign staff.
The internet giant said that hackers did not appear to compromise the campaign’s security, but the surveillance was a reminder of Russia’s interference in the 2016 election.
Analysts say China’s primary motive for breaking into a campaign is to collect intelligence such as Biden’s proposals for U.S. policy on China, although hackers could later try to use stolen intelligence to interfere in the campaign itself.
APT31
Shane Huntley, director of Google’s Threat Analysis Group twittered on June 4 that the company has discovered a “China APT group targeting Biden campaign staff with phishing,” but there was "no sign of compromise.”
Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement. https://t.co/ozlRL4SwhG
— Shane Huntley (@ShaneHuntley) June 4, 2020
The group Google discovered is called APT31. APT is an acronym for “advanced persistent threat” usually from a group that has the backing of, and direction from, an established nation state.
According to ZDNet, a tech trade publication, APT31 “also known as Zirconium, is a Chinese state-sponsored hacking group that has been active since at least early 2016, and has historically targeted foreign companies to steal intellectual property, however, it has also targeted diplomatic entities in the past.”
“This group, APT31 that we've tracked for awhile, [is] a group that we've seen involved in what we believe is strategic intelligence collection for things of interest to the Chinese government,” said Luke McNamara, a principal analyst with cybersecurity firm FireEye Intelligence.
Biden’s campaign issued a statement that it has “known from the beginning that the campaign would be subject to such attacks” and the campaign will ensure that its assets are secure.
An official at the U.S. government’s Cybersecurity and Infrastructure Security Agency told VOA they have shared the information with congressional campaigns and state and local election officials to better prepare them for attacks.
“Google’s announcement shows that secure, resilient elections are much bigger than state and local, or even federal government efforts. The private sector has a key role, as does the American voter,” the official said in an email response.
Spying or interfering?
This is not the first time that Chinese hackers have been accused of targeting a U.S. presidential campaign team.
During the 2008 presidential election campaign, a group of hackers believed to be supported by the Chinese government was accused of hacking into the campaign teams of Democratic presidential candidate Barack Obama and his Republican rival John McCain, obtaining email correspondence and internal documents that included the candidates’ positions on China.
James Lewis, director of the Technology Policy Program at the Center for Strategic and International Studies (CSIS), said that by breaking into a campaign, a hacker could learn valuable information such as the candidate’s strategies and personal network of friends and colleagues.
“In fact, I know the Biden campaign is writing position papers on how to deal with China. Getting access to that would be invaluable for Beijing. And that's the primary motive,” he told VOA.
“Will they go beyond that and actually try and interfere in the campaign the way the Russians have?” Lewis said. “I don't know. But collect intelligence. Yes. Interfere in the campaign. Maybe.”
Cybersecurity experts say whether ACT31 is intelligence gathering or engaging in political interference depends on how the hackers use the stolen information.
U.S. intelligence agencies found that during the 2016 presidential election cycle, Russians successfully hacked into the email box of the campaign manager for Democratic contender Hillary Clinton, using a “phishing” strategy. The hackers then went ahead and exposed tens of thousands of stolen emails via WikiLeaks.
Many political observers believe those emails undermined Clinton’s campaign, contributing to her loss in the 2016 election.
Information operations
Apart from hacking, foreign forces also use social media to spread misinformation that can mislead people or exacerbate political divisions among voters. This is referred to as “information operations” in the intelligence community.
Chinese officials are increasingly taking advantage of social media platforms that are banned in China, such as Twitter and Facebook, to conduct information operations overseas.
Michael Daniel, the president and CEO of Cyber Threat Alliance, an independent group of cyber security advisers, told VOA Mandarin he expects China to use information operations to promote policies and politicians that would seem more friendly to China.
“That's very different than trying to disrupt the electoral process and have us wonder who actually won a particular race,” he told VOA Mandarin.
FireEye’s McNamara agreed. He added that China has been building its capability of employing information operations, and whether it will use it to interfere the U.S. election is one of the things to look for in the future.
Yet CSIS’s Lewis offered a more concerning perspective. He said that in the past few years, China has taken a much more overtly political campaign in Australia, Taiwan, Canada and some Southeast Asian countries.
“China is using all the tools it has to interfere with politics there. And I think they're experimenting with a good way to do this in the U.S.,” he said. “I think the Chinese have decided they need to get into this game of political interference.”
China has been repeatedly accused of attempting to influence the American elections. A Senate investigation in 1998 revealed that the Chinese government had illegally donated to the Democratic Party in the 1996 presidential election.
The U.S. National Intelligence Agency reported China tried to spread misinformation in the 2018 midterm elections.
Chinese officials have repeatedly denied that Beijing any intention of interfering with the internal affairs of other countries, and in April, Chinese Foreign Ministry Spokesman Geng Shuang told reporters during a daily briefing, “The U.S. presidential election is an internal affair, we have no interest in interfering in it.”
Lin Yang contributed to this report.