Hackers are increasingly using false-flag operations that wrongly point the blame toward China for some cyberattacks, threat intelligence experts said.

Because Chinese hackers often rely on publicly available tools for their operations, it is easy to mimic their signature viruses, according to Brandon Helms, the chief operations officers at Rendition Infosecurity, a cybersecurity company that does incident response and threat intelligence.

Helms said the issue is becoming more prevalent because most hackers have access to the same publicly available tools that China favors. The trend is emerging as tension increases between the U.S. and Chinese governments and the United States takes a more aggressive approach in pursuing Chinese hackers.

Sometimes IT workers notice viruses that appear as if they are Chinese handiwork, but upon further investigation are from another group, Helms said.

Helms warned that it is difficult for most U.S. private sector companies to attribute cyberattacks because they do not have enough resources and intelligence. One of the reasons why the U.S. government is often slow to publicly attribute cyberattacks is because officials need to be certain that a particular actor is responsible for an event, Helms said.

But no matter who is responsible for cyberattacks, experts say the methods to protect networks are similar.

“Whether it is a state-sponsored actor or a local hacker sitting in his basement, the basic due diligence that I would advise for a Fortune 500 company is the same that I would advise my mother in South Carolina,” said Kelvin Coleman, executive director of the National Cyber Security Alliance, a nonprofit that promotes cybersecurity. He specifically cited applying software patches to devices as good cyber hygiene.

The statements come amid a slew of allegations from the Trump administration about Chinese hacking American defense and private sector organizations.

U.S. defense contractors say they have seen an increase in cyberattacks. Current and former intelligence officials also warn that China is attempting to build as much information about American citizens as possible.

“China’s strategy is the same: rob, replicate and replace,” assistant attorney general John Demers told lawmakers at a hearing Dec. 12. “Rob the American company of its intellectual property, replicate the technology, and replace the American company in the Chinese market and, one day, the global market.”

Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.

More In Cyber