IN-DEPTH: China Escalates Its Cyberwar Against the West

Over the past few decades, China has adopted a policy of information warfare against its global adversaries by leveraging its civilian cyber sector. This constitutes Beijing’s “people’s war” on the world inflicted by its civilian cyber militias, according to cybersecurity experts.

The Chinese Communist Party’s (CCP) civilian cyber sector includes individual cyberoperatives, private institutions, academia, and government institutions. In operational terms, these civilian sector operators do not have an official place within the People’s Liberation Army’s (PLA) order of battle. They turn into the communist regime’s “cyber proxies and mercenaries,” according to Simone Ledeen, a senior visiting fellow at the Krach Institute for Tech Diplomacy at Purdue University and a former deputy assistant secretary of defense for the Middle East.

Ledeen said these proxies conduct cyberespionage and cyberattacks to collect sensitive information from foreign governments, companies, and organizations, giving China a competitive advantage over its adversaries.

The APT41 has been on the “wanted” list of the FBI since 2019 after a grand jury in Washington returned an indictment against APT41 members and Chinese nationals Zhang Haoran and Tan Dailin and another indictment in 2020 against other members, Qian Chuan, Fu Qiang, and Jiang Lizhi.

The Epoch Times reached out to the Secret Service for comment but didn’t get a response as of press time.

Likewise, the internet has many news reports of the malicious activities of the Chinese cyber proxies and state cyber actors. These operations are only increasing in their sophistication, with 25 percent of China’s overall hacking activities being targeted at the United States alone, according to a two-month-old NBC report.

“Indeed, one of the hallmarks of China’s cyber strategy is the degree to which it integrates their civilian economy into its approach to the information domain,” said Green, adding that the PLA coordinates various components of the information domain with parts of the civilian economy to use it as a “force multiplier.”

The local militias were a key component of Mao Zedong’s concept of “people’s war” (人民战争) until 1978, after which their importance was reduced, and the PLA modernized and professionalized. The same development was also seen in China’s cyberwarfare.

In the late 1990s and early 2000s, when Beijing’s information warfare capabilities emerged, the Chinese “patriotic” nationals routinely conducted operations with little oversight from the CCP, according to Green.

“The Chinese government initially encouraged these adventures, but by 2002 the CCP began to rein in these freelancers while simultaneously replacing them with auxiliaries dedicated to information warfare. Patriotic hackers were either ‘absorbed’ into the PLA through recruitment or integrated through the militia system,” said Green, adding that Beijing’s cyber auxiliaries are a part of the PLA’s 8-million-man militia system, as well as part of the forces of other agencies.

The 8-million-man militia would have grown exponentially in this period, and the cyber auxiliaries would have increased within it. However, The Epoch Times hasn’t been able to determine the current statistics.

Green said it’s difficult to decipher China’s cyber “people’s war” because it’s difficult to find the exact functions of cyber auxiliaries through open-source information. But he mentioned that the units are recruited from and organized as “cells” within government, telecommunications, and academic institutions.

Sahar Tahvili, an artificial intelligence (AI) researcher who holds a doctorate in software engineering and is the author of “Artificial Intelligence Methods of Optimization of the Software Testing Process,“ told The Epoch Times in an email that limited evidence about China’s cultivated relationship with non-state cyberoperatives helps it ”to maintain a level of plausible deniability.”

Sameer Patil, a senior fellow at the India-based Observer’s Research Foundation, told The Epoch Times that a significant part of China’s cyber operations is targeted against democratic nations, coinciding particularly with the election time of U.S. allies.

“So you will see a lot of the propaganda operations, propaganda and disinformation operations targeting countries such as Japan, South Korea, Australia, India, Taiwan, Philippines,” said Patil.

The United States and its allies—including the European Union, the United Kingdom, and NATO member states—came together in mid-2021 to expose and criticize the Chinese regime’s malicious cyber activities.

The White House said Beijing’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.

“These operations are concerning, especially for China’s strategic competitors in the United States, Japan, and Australia. China’s cyber activities have also been seen as part of its broader strategy to expand its influence and power in the Asia-Pacific region and beyond,” said Ledeen.

Patil said that India has also been at the receiving end of many Chinese cyber operations. He pointed at the cyberattacks that were particularly noted after the bloody India-China conflict of Galwan when Beijing-backed hackers repeatedly breached Indian power grids.

Ledeen said China, in this context, uses its cyber operations to advance its political and strategic goals, including promoting its authoritarian system.

“For example, China conducts cyberattacks on dissidents and human rights organizations, using social media and other digital platforms to spread disinformation and propaganda,” said Ledeen.

“RedAlpha is likely attributable to contractors conducting cyber-espionage activity on behalf of the Chinese state,” said Recorded Future.

RedAlpha, according to the intelligence firm, was registering and weaponizing hundreds of domains by faking as organizations, including the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT).

This list included other global governments, think tanks, and humanitarian organizations that fall within the CCP’s strategic interests.

“Historically, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities. As highlighted within this report, in recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organizations in Taiwan, likely in an effort to gather political intelligence,” said Recorded Future.

Patil said this is the result of consistent investments by the CCP in beefing up its capabilities to target the leading democratic powers.

“China has taken a much [more] strategic view of cyberspace than many other countries,” said Patil.

Since the attacks and counter-attacks are increasing in intensity and number, according to Tahvili, with advancements in AI, cyberwarfare will only become more lethal.

AI techniques can be employed to improve the effectiveness of cyberoffensive operations; for example, AI-driven tools can be used to automate the process of identifying and exploiting vulnerabilities in targeted systems, she said.

“On the other hand, the involvement of China in AI research and development might lead to a growing pool of skilled professionals in this area, who can contribute to both AI advancement and cyber operations,” she said, adding that the ethics of AI will thus become increasingly important for the international community.

“As AI becomes increasingly integrated into cyberoffensive operations, questions surrounding the ethical use of AI in warfare and espionage will become more pressing,” said Tahvili.