IN-DEPTH: China Escalates Its Cyberwar Against the West

A hacker uses his computer in Dongguan, in China's southern Guangdong Province, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images
Venus Upadhayaya

Over the past few decades, China has adopted a policy of information warfare against its global adversaries by leveraging its civilian cyber sector. This constitutes Beijing’s “people’s war” on the world inflicted by its civilian cyber militias, according to cybersecurity experts.

The Chinese Communist Party’s (CCP) civilian cyber sector includes individual cyberoperatives, private institutions, academia, and government institutions. In operational terms, these civilian sector operators do not have an official place within the People’s Liberation Army’s (PLA) order of battle. They turn into the communist regime’s “cyber proxies and mercenaries,” according to Simone Ledeen, a senior visiting fellow at the Krach Institute for Tech Diplomacy at Purdue University and a former deputy assistant secretary of defense for the Middle East.

Ledeen said these proxies conduct cyberespionage and cyberattacks to collect sensitive information from foreign governments, companies, and organizations, giving China a competitive advantage over its adversaries.

A striking recent example of such an operation was the theft of over $20 million in U.S. COVID-19 relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen U.S. states last year by the Chinese state-linked cybercriminal group called APT41.
It was the first incident of Chinese hackers targeting U.S. government money. It has happened despite U.S. dominance in cyberspace and its cyberoffensive capabilities being more developed than any other country—a ranking that an IISS research paper determined in 2021.

APT41 has been on the FBI’s “wanted” list since 2019, after a grand jury in Washington returned an indictment against APT41 members and Chinese nationals Zhang Haoran and Tan Dailin, followed by another indictment in 2020 against other members, Qian Chuan, Fu Qiang, and Jiang Lizhi.

The group’s victims included companies in Australia, Brazil, Germany, India, Japan, and Sweden. The defendants, according to the FBI, allegedly targeted telecommunications providers in the United States, Australia, China (Tibet), Chile, India, Indonesia, Malaysia, Pakistan, Singapore, South Korea, Taiwan, and Thailand.
The U.S. Secret Service Department described APT41 as a “Chinese state-sponsored, cyberthreat group” in a statement to NBC News.

The Epoch Times reached out to the Secret Service for comment but didn’t get a response as of press time.

FireEye, a cybersecurity firm, said in an extensive report on APT41 that the group conducts state-sponsored espionage activity in parallel with its own financially motivated operations.
“APT41 espionage targeting has generally aligned with China’s Five-Year economic development plans,” said the report.
Another alleged Chinese hacking group, “LightBasin,” publicly known as UNC1945, has targeted the global telecommunications sector since 2016. The nature of the data collected by these hackers “aligns with information likely to be of significant interest to signals intelligence operations,” said CrowdStrike in its investigation report in 2021.
The investigating agency said it doesn’t have enough evidence to point at any “country nexus.” Still, most digital news media, including CyberScoop, pointed at UNC1945’s Chinese origin and discussed its other malicious activities.

Likewise, the internet has many news reports of the malicious activities of the Chinese cyber proxies and state cyber actors. These operations are only increasing in their sophistication, with 25 percent of China’s overall hacking activities being targeted at the United States alone, according to a two-month-old NBC report.

An earlier 2021 investigation by CrowdStrike found that China was responsible for two-thirds of the overall state-sponsored attacks globally. The IISS research concludes that due to its growing indigenous digital-industrial capacity, China is on its way to joining the United States in having world-leading cyber capabilities.
Deputy Attorney General Rod Rosenstein speaks at a press conference about Chinese hacking at the Justice Department in Washington on Dec. 20, 2018. (Nicholas Kamm/AFP/Getty Images)

‘Civil-Military Partnership’

Global awareness about China’s “people’s war” on the cyber sphere started building immediately after its operations began. Kieran Richard Green of Tufts University defined China’s “people’s war” as tinted cyberoffense within the “information domain” of its geopolitical strategy.
In a seven-year-old paper titled “People’s War in Cyberspace: Using China’s Civilian Economy in the Information Domain,” Green said China’s cyber operations today are a “civil-military” partnership and Beijing’s military cyber capabilities are only a part of its larger operations.

“Indeed, one of the hallmarks of China’s cyber strategy is the degree to which it integrates their civilian economy into its approach to the information domain,” said Green, adding that the PLA coordinates various components of the information domain with parts of the civilian economy to use it as a “force multiplier.”

The local militias were a key component of Mao Zedong’s concept of “people’s war” (人民战争) until 1978, after which their importance was reduced, and the PLA modernized and professionalized. The same development was also seen in China’s cyberwarfare.

In the late 1990s and early 2000s, when Beijing’s information warfare capabilities emerged, the Chinese “patriotic” nationals routinely conducted operations with little oversight from the CCP, according to Green.

“The Chinese government initially encouraged these adventures, but by 2002 the CCP began to rein in these freelancers while simultaneously replacing them with auxiliaries dedicated to information warfare. Patriotic hackers were either ‘absorbed’ into the PLA through recruitment or integrated through the militia system,” said Green, adding that Beijing’s cyber auxiliaries are a part of the PLA’s 8-million-man militia system, as well as part of the forces of other agencies.

The 8-million-man militia would have grown exponentially in this period, and the cyber auxiliaries would have increased within it. However, The Epoch Times hasn’t been able to determine the current statistics.

Green said it’s difficult to decipher China’s cyber “people’s war” because it’s difficult to find the exact functions of cyber auxiliaries through open-source information. But he mentioned that the units are recruited from and organized as “cells” within government, telecommunications, and academic institutions.

Sahar Tahvili, an artificial intelligence (AI) researcher who holds a doctorate in software engineering and is the author of “Artificial Intelligence Methods of Optimization of the Software Testing Process,” told The Epoch Times in an email that limited evidence about China’s cultivated relationship with non-state cyberoperatives helps it “to maintain a level of plausible deniability.”

The Anthem Health Insurance headquarters in Indianapolis, Indiana, on Feb. 5, 2015. Chinese hackers stole 80 million records from the healthcare company. (Aaron P. Bernstein/Getty Images)

CCP’s War Against Democracies

For the CCP, which is constantly acting to counter the liberal world order, the “people’s war” narrative is part of its communist ideology. What was observed during Mao’s time is being repeated today in the cyber sphere against democracies, said experts.
Benjamin R. Young, an assistant professor at the Wilder School of Government and Public Affairs, said in an op-ed on Foreign Policy that Mao’s dictum—“the richest source of power to wage war lies in the masses of the people”—given during a 1938 lecture to his communist comrades influenced officials and policy planners across all departments.

Sameer Patil, a senior fellow at the India-based Observer’s Research Foundation, told The Epoch Times that a significant part of China’s cyber operations is targeted against democratic nations, coinciding particularly with the election time of U.S. allies.

“So you will see a lot of the propaganda operations, propaganda and disinformation operations targeting countries such as Japan, South Korea, Australia, India, Taiwan, Philippines,” said Patil.

The United States and its allies—including the European Union, the United Kingdom, and NATO member states—came together in mid-2021 to expose and criticize the Chinese regime’s malicious cyber activities.

“The United States is deeply concerned that the PRC [People’s Republic of China] has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit,” said the White House in a statement.

The White House said Beijing’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.

“These operations are concerning, especially for China’s strategic competitors in the United States, Japan, and Australia. China’s cyber activities have also been seen as part of its broader strategy to expand its influence and power in the Asia-Pacific region and beyond,” said Ledeen.

Patil said that India has also been at the receiving end of many Chinese cyber operations. He pointed at the cyberattacks that were particularly noted after the bloody India-China conflict of Galwan when Beijing-backed hackers repeatedly breached Indian power grids.

“The two known instances being Mumbai [in] October 2020 and Ladakh, reported in April 2022,” he said, adding that India is also one of the top 10 victims of ransomware.
A man walks past a poster depicting portraits of Indian soldiers killed in a hand-to-hand fight with their Chinese counterpart on June 15, in a market area in New Delhi on Aug. 31, 2020. (Jewel Samad/ AFP via Getty Images)

Attacking Activists

The Chinese regime’s cyber “people’s war” targets individuals working globally—particularly those that expose its human rights violations—to nullify its malicious activities and propaganda, according to experts and reports.

Ledeen said China, in this context, uses its cyber operations to advance its political and strategic goals, including promoting its authoritarian system.

“For example, China conducts cyberattacks on dissidents and human rights organizations, using social media and other digital platforms to spread disinformation and propaganda,” said Ledeen.

A Chinese state-sponsored threat activity group called the “RedAlpha” has been targeting human rights organizations, think tanks, news media, and agencies of multiple foreign governments for the past three years, according to a lengthy report released mid-last year by Recorded Future, a global intelligence firm.

“RedAlpha is likely attributable to contractors conducting cyber-espionage activity on behalf of the Chinese state,” said Recorded Future.

RedAlpha, according to the intelligence firm, was registering and weaponizing hundreds of domains that impersonated organizations, including the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), and the American Institute in Taiwan (AIT).

This list included other global governments, think tanks, and humanitarian organizations that fall within the CCP’s strategic interests.

“Historically, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities. As highlighted within this report, in recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organizations in Taiwan, likely in an effort to gather political intelligence,” said Recorded Future.

Cyberwarfare specialists serving with the Maryland Air National Guard’s 175th Cyberspace Operations Group at a training session at Warfield Air National Guard Base in Middle River, Md., June 3, 2017. (Air Force photo by J.M. Eddins Jr.)

Pace of Growth

What’s hard-hitting in this context of growing global cyber animosity between the United States, its allies, and China is the pace at which the latter’s cyberoffensive operations have grown compared to those of its adversaries, such as the United States.
Christopher Wray, the director of the FBI, told the House Committee on Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies on April 27 that Chinese hackers outnumber U.S. cyber personnel by at least 50 to 1, even if each of the FBI’s agents and intel analysts focused solely on China.

Patil said this is the result of consistent investments by the CCP in beefing up its capabilities to target the leading democratic powers.

“China has taken a much [more] strategic view of cyberspace than many other countries,” said Patil.

While the world complains about Chinese cyberattacks, Beijing has been leveraging similar allegations against the United States and its allies. Chinese state media Xinhua reported last year that internet addresses in the United States seized Chinese computers to launch attacks in Belarus, Russia, and Ukraine.

Since the attacks and counter-attacks are increasing in intensity and number, according to Tahvili, with advancements in AI, cyberwarfare will only become more lethal.

AI techniques can be employed to improve the effectiveness of cyberoffensive operations; for example, AI-driven tools can be used to automate the process of identifying and exploiting vulnerabilities in targeted systems, she said.

“On the other hand, the involvement of China in AI research and development might lead to a growing pool of skilled professionals in this area, who can contribute to both AI advancement and cyber operations,” she said, adding that the ethics of AI will thus become increasingly important for the international community.

“As AI becomes increasingly integrated into cyberoffensive operations, questions surrounding the ethical use of AI in warfare and espionage will become more pressing,” said Tahvili.

Venus Upadhayaya
Reporter
Venus Upadhayaya reports on India, China, and the Global South. Her traditional area of expertise is in Indian and South Asian geopolitics. Community media, sustainable development, and leadership remain her other areas of interest.