China claims US IP addresses used to attack it, Russia and Ukraine • The Register


China’s Cyberspace Administration said that “since late February” it has observed continuous attacks on the Chinese internet and computers in the country by people who have used the resources to also target Russia, Belarus and Ukraine.

The allegation, whose title translates to “My country’s internet suffers from overseas cyberattacks”, was published on Friday and includes a list of IP addresses that the China Cyberspace Administration (CAC) says are the source or target of attacks.

“After analysis, these attack addresses are mostly from the United States. There are more than ten attack addresses in New York State alone, and the peak attack traffic reaches 36 Gbps,” says the CAC. “87% of attack targets are Russia, and a small number of attack addresses come from Germany, the Netherlands and other countries.”

The Register has run some WHOIS lookups and can confirm that the IP addresses do appear to be owned or managed by US-based carriers or colocation companies.

Which is far from a smoking gun. It is entirely possible that whoever carried out this attack co-opted resources at these IP addresses. And while the CAC named the United States, Germany and the Netherlands as the launching point for the cyberattacks it detected, the regulator did not attribute the attacks to any of those countries.

The CAC statement making the allegation states that China CERT deflected the attacks, and CERT itself offers only the same statement, in vague terms.

The reference to the attack traffic peak of 36Gbps may be telling, as this is the kind of language used to talk about the volume of garbage traffic thrown at a target during a distributed denial of service attack.

And it turns out that security companies have already found evidence of DDoS attacks against Ukraine.

But a 36 Gbps DDoS is not a big DDoS by contemporary standards. In October 2021, Microsoft claimed to have repelled a 2.4 Tbps attack and Cloudflare spotted a few that exceeded 1 Tbps in 2021.

Whoever hit China wasn’t wielding a big stick.

And China did not point fingers, but presented itself as an aggrieved party.

Which makes the announcement curious, because China rarely admits its weakness – yet in this case it appears to have happily and openly disclosed a DDoS that crossed its borders and bounced through local infrastructure into a war zone.

China and Russia recently declared an indefinite friendship, so accusations of Russian action are unlikely. But the CAC has campaigned for China’s own companies to improve their IT security for the sake of the nation and their own fortunes. Sharing the news of this incident could be the incentive some Chinese organizations need to put their house in order. And maybe do the same for anyone who has kit at the IPs where this incident started. ®
