CCP Says Western Forces Launching Cyberattacks on China: Internal Document

The Chinese Communist Party (CCP) has warned of cyberattacks conducted by “Western anti-China forces,” according to a leaked internal document.

The document, obtained by The Epoch Times, was intended for internal circulation within agencies of the Chinese regime. The goal was for the agencies to “clearly understand the extreme importance and complexity of cybersecurity ahead of the anniversary.”

It states that the internet has become an “important battleground.” Specifically, a certain Western country uses its strong technological resources to infiltrate, subvert, defame, and attack the CCP in an all-encompassing manner.

The document gives some examples of cyberattacks by “anti-China forces.” It states that a certain Western country has established more than 100 cyber combat teams and has developed several thousand cyberattack and defense weapons. But China is lacking in this regard and has become a major victim of hacking attacks.

It then claims that “in the past few years, about 70 percent of Chinese netizens have become victims of cyberattacks,” without providing details about who was behind the attacks.

However, there is no evidence linking the U.S. cyber combat teams to cyberattacks targeting Chinese netizens. The “70 percent of netizens” is likely from domestic cyber fraud, according to a report by China Internet Network Information Center (CNNIC).

This hacker is mentioned by the leaked document as part of the threats from the West. In addition, in a set of training slides on cyber security, the hacker appears under the “threat” slide. It says that since May 2012, the so-called “anti-communist hacker group” hacks into a regime website every three days, posts derogatory remarks, and aims at “overthrowing” the CCP.

The hacker said on his own Twitter account that it’s been the work of a single person.

“Since April 12, 2012, when I hacked into a web page to vent my dissatisfaction with the government, everything has been done by myself alone. I use ‘we’ to make myself look bigger,” he said.

In addition, @fangongheike says on his profile that he doesn’t contact any individual or organization via any means, and that he hacks regime websites to satisfy his own private interests. He posts screenshots of hacked websites overlaid with @fangongheike messages, while the website functionality doesn’t seem to be affected.

As another example, the leaked document says that “according to a Western media report, a certain Western country has planted a Trojan horse virus in the Russian power grid, and that it can instantaneously cause a complete blackout in Russia.”

APT is a covert cyberattack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and remains undetected for a significant period. During the time between infection and remediation, the hacker will often monitor, intercept, and relay information and sensitive data.

Several APT hacker groups are sponsored by the CCP. Since 2017, the U.S. Justice Department (DOJ) has indicted multiple Chinese hackers as members of CCP-sponsored APT groups.

Three Chinese hackers belonging to APT 3 were charged in November 2017 for computer hacking, theft of trade secrets, conspiracy, and identity theft directed at U.S. and foreign employees and computers of three corporate victims in the financial, engineering, and technology industries between 2011 and May 2017. Siemens alone lost 407 gigabytes of data due to APT3 hacking.

In December 2018, two Chinese hackers were indicted as members of the APT 10 group for targeting intellectual property and confidential business information. According to the indictment, from around 2006 to 2018, APT 10 conducted extensive hacking campaigns, stealing information from more than 45 victim organizations, including U.S. companies. Hundreds of gigabytes of sensitive data were secretly taken from companies in a diverse range of industries, such as health care, biotechnology, finance, manufacturing, and oil and gas.

In August 2019 and August 2020, the DOJ charged five hackers from APT 41, which orchestrated intrusions at more than 100 companies across the world, ranging from software vendors, video game companies, telcos, and more. The APT 41 group is now one of the most infamous and active state-sponsored hacking groups. Victim companies are from countries such as the United States, Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.

In February 2020, the DOJ charged four members of the Chinese military for hacking into credit reporting company Equifax, which affected more than 150 million customers. According to the indictment, the state-sponsored hackers ran approximately 9,000 queries on Equifax’s system obtaining records for nearly half of all U.S. citizens. Exposed data included names, birth dates, and Social Security numbers.

In July 2021, four members of APT 40 were charged with hacking various companies, universities, and government entities in the United States and worldwide between 2011 and 2018. Examples of APT 40 activity include targeting maritime industries and naval defense contractors in the United States and Europe, regional opponents of the Belt and Road Initiative, and multiple Cambodian electoral entities in the run-up to the 2018 election, according to the UK’s National Cyber Security Center.

In September 2020, then-U.S. Deputy Attorney General Jeffrey A. Rosen summarized the goal of CCP hacking.

“The record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cybercriminals, so long as they help with its goals of stealing intellectual property and stifling freedom.”