SentinelOne has conducted an investigation revealing that claims by China, accusing the West of hacking and espionage, lack substantiated evidence. According to SentinelLabs, up until now, China's assertions seem to be simply recycling details from leaked American intelligence documents.

Commonly, reports of espionage involving nation-states, often identifying China or Chinese-affiliated threat groups, have detailed technical evidence shoring up the allegations. However, reports initiated by Chinese cybersecurity companies of cyber intrusions by Western nation-state agencies show a marked lack of similarly detailed discernable proof.

From the initial reporting of the US's involvement in Stuxnet to the summer of 2021, major players within China's cybersecurity industry failed to independently attribute any hacking activities within the PRC to US-associated APTs. The analysis didn't go beyond the investigation of tools and exploits linked with US-nexus hacking.

What's more, technical data requisite for such charges was never published by China's cybersecurity companies. Instead, reports appear to merely echo information from overseas vendors or use information from leaked US intelligence documents, a tactic shown to be a matter of policy rather than competency.

The investigation by SentinelOne highlights the involvement of Chinese cybersecurity firms coordinating the release of their analysis with governmental agencies and state-powered media outlets to maximise impact since at least 2016. The company has also pointed out how, following a 2021 joint statement by the UK, US, and EU regarding China's "irresponsible behaviour" in cyberspace, China embarked on an aggressive media campaign to shift the narrative towards US hacking operations.

China's allegations about the US's hacking activities, which moved from recycling old, leaked US intelligence documents to publishing allegations on state-run media platforms without technological validation in 2023, sorely lacking the detailed technical analysis required to validate their claims. SentinelLabs purports this cyber-focused media strategy set the stage for China's Ministry of State Security to reveal accounts of Western espionage in 2023.

Chinese allegations seem to be aimed at shaping global public opinion, presumably to dispel its image as a cyber aggressor and label the US as the "empire of hacking." Furthermore, SentinelLabs issues a stark reminder that if these claims by China are not pushed back against, the resultant public dialogue could allow them to make unsubstantiated accusations without facing repercussions.

Their conclusion, quite simply, is that China's allegations of Western espionage are derided within Western cybersecurity circles and should continue to be so. This hard stand is due to the absence of tangible evidence supporting the claims; up to now, China appears to have only reused leaked US intelligence while delaying the release of its own detailed accounts.

SentinelOne is a cybersecurity company specialising in endpoint protection and advanced threat detection and response. Founded in 2013, SentinelOne offers a comprehensive platform designed to protect endpoints such as laptops, desktops, servers, and IoT devices from a wide range of cyber threats, including malware, ransomware, fileless attacks, and zero-day exploits.