FBI chief sounds off on China cyber threats

MI5 Director General Ken McCallum (left) and FBI Director Christopher Wray at a joint press conference at MI5 headquarters, in London, July 6, 2022.

MI5 Director General Ken McCallum (left) and FBI Director Christopher Wray at a joint press conference at MI5 headquarters, in London, July 6, 2022. Dominic Lipinski/PA Images via Getty Images

Chris Wray said that “the Chinese government sees cyber as the pathway to cheat and steal on a massive scale.”

FBI Director Chris Wray said on Wednesday that China's state-sponsored hacking program is "bigger than that of every other major country combined."

Speaking at the London headquarters of the British state security agency MI5, Wray described a wide range of activities that the Chinese government uses to try to obtain technologies for its own market and repress dissent—from industrial espionage and partnership requirements for companies operating in China to threats and intimidation of Chinese nationals living abroadOn cyber, Wray said that Chinese hackers are relentless in their search for "ways to compromise unpatched network devices and infrastructure."

Wray stated that "Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected. They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the 'noise' and normal activity of a network."

Chinese companies are also looking to acquire sensitive technologies being developed by startups in the United States by using special financial vehicles and "elaborate shell games" designed to conceal Chinese control of U.S. companies. 

Wray said the FBI is teaming up with MI5 and other law enforcement partners to identify these "hidden investments" and funnel them into the Committee on Foreign Investment in the United States  oversight process. He said that the U.S. has "identified and pulled into our CFIUS screening hundreds of concerning investments that participants failed to notify us about." 

U.S. companies doing business in China face operational requirements that can put firms and trade secrets at risk. Wray noted that compliance with a requirement to use tax software supplied by the Chinese government has resulted in companies "unwittingly installing backdoors into their systems that enabled hackers' access into what should have been private networks."

Wray urged the corporate audience to report cyber incidents to the authorities, noting  that the public and private sector have collaborated on "joint, sequenced operations that disrupt Chinese government cyberattacks," including a major hack of Microsoft Exchange servers in 2021.

Zhao Lijian, the top spokesperson for China's foreign ministry, addressed Wray's comments in a press briefing on Thursday. 

"Facts have fully proven that the U.S. is the biggest threat to world peace, stability and development. We urge this U.S. official to have the right perspective, see China's developments in an objective and reasonable manner and stop spreading lies and stop making irresponsible remarks."