In recent years, we have witnessed a veritable arsenal of Chinese digital attacks in action, both in attacks on information systems and in cleverly organised disinformation campaigns. One might say, just as Russia is doing against Ukraine. However, in the case of China’s digital attacks, everything seems to be much more sophisticated. Here’s how it all works.
The cyber ddos attacks and disinformation campaigns carried out by China are mostly based on content available on the Internet, against two entities – Taiwan and the United States, according to research by Marco Santarelli, chairman of the IC2 Lab research committee and professor at the University of Parma.
Mandiant, an international cyber security firm, has uncovered a Chinese disinformation and fake news operation aimed at discrediting opposing countries. The disinformation campaign was launched in several world languages by Haixun Technology, a major public relations firm based in Shanghai. A total of 72 Chinese websites that have published fake news and disinformation advertise themselves as independent news publications, similar in name to authoritative newspapers.
The German anthropologist and academic Dr Adrian Zenz, who specialises in Chinese ethnic politics, is well known for his research into the cultural genocide of the Uighurs, an ethnic group of Turkish-speakers of the Islamic faith living in north-west China, particularly in the Xinjiang Autonomous Region, but also for being among the first to draw public attention to the re-education camps in this autonomous Chinese region, and is one of the best-known victims of China’s disinformation campaign.
In fact, news spread online that US Senator Marco Rubio and former Donald Trump adviser Steve Bannon had funded his studies with 625 000 dollars, citing social accounts with names such as Jonas Drosten, a former colleague of Zenz’s, as the very source of Zenz’s exposure. .
This disinformation campaign has at its heart many famous people, from Zenz, to the Chinese entrepreneur Guo Wengui, that is to say, the founder of the Chinese meditation discipline Falun Gong, to Nancy Pelosi and her famous visit to Taiwan. This fictitious Taiwanese newspaper spoke of the substantial fee that Mike Pompeo, former US Secretary of State during the Trump presidency, was to receive for his visit to the island.
The abortion decision of the Supreme Court in Washington has also been used to fuel a disinformation campaign against China, including by using the testimony of a supposedly American woman who spoke of the harsh police crackdown on protesters challenging the ruling.
There is also no shortage of fake news about American bio-labs in Ukraine, which are joining in with Russian propaganda on the subject.
Interestingly, the second front of Chinese propaganda is the ddos attacks on the Taiwanese Government’s websites. A good example of how all this works in practice is the visit to Taiwan of the aforementioned Nancy Pelosi, the first woman in history to hold the powerful position of Speaker of the US House of Representatives.
In addition to the reactions that this visit has provoked against China, including large-scale military exercises around the islands organised by Beijing in violation of United Nations rules prohibiting the usurpation of territorial waters, it has also been targeted, according to Taiwan officials, by simultaneous cyber-attacks directed at the United States. It so happened that the screens in the sales offices of the American 7-11 chain were hacked, so that the screens in some of the branches of this chain in Taiwan displayed what Nancy Pelosi calls ‘warmongering’. In addition, this hacking also included official government websites belonging to the Office of the President, the Ministries of Foreign Affairs and Defence, and Infrastructure, as well as screens installed in train stations across the island.
According to the Taiwanese government, which did not directly accuse the Chinese government at the time, the attack came from China and Russia, and the companies whose screens were altered used Chinese software that could contain so-called backdoor or Trojan malware.
Comparison of cyber attack techniques from China and Russia
Analysts believe that in the case of China, compared to previous Russian disinformation campaigns, we are facing a higher level of activity, at least in terms of the IT systems used and the mechanisms used to spread fake news online.
Even before 24 February, the day of the Russian attack on Ukraine, Russia was reportedly targeting banks, institutions and businesses with cyber attacks. In total, Ukraine has been subjected to at least 237 cyber operations since the beginning of the Russia-Ukraine conflict, targeting state institutions and structures, as well as services and infrastructure for civilians. In the case of Russian intelligence, cybercrime was based on specially created slogans, while China relied on a fairly strongly branded private sector company that actually existed and, moreover, had many customers, i.e. buyers of its products, all over the world.
In the past, private sector companies have been used for disinformation purposes, but in this case, Nancy Pelosi, now a classic in the field of disinformation studies, has been chosen as a larger and more recognised reality. In any case, the advantage of using private sector entities is that the news that is disseminated to the public gains greater credibility, while at the same time the real instigator of the action is fairly well concealed.
Taiwan’s Minister of Digital Technology, Audrey Tang, said in her subsequent remarks that the volume of cyber-attacks on government units in Taiwan before and during Nancy Pelosi’s arrival exceeded 15,000 gigabits, 23 times the previous daily record. From a security point of view, this has quite logically led Taiwan to take measures to improve the security of the country’s key infrastructure, hydroelectric power plants and airports, as well as government offices.
It is interesting to note that the organised attacks on Taiwanese government websites prior to Mrs Pelosi’s visit were in the hands of Chinese hacktivists, according to an official announcement by the Cyber Security Research Organisation. The hacker group APT 27, which has been accused by Western authorities of being a Chinese state-sponsored group, claimed responsibility for the cyber attacks in Taiwan, as well as for shutting down 60 000 Internet-connected devices on the island, claiming on YouTube that they were aimed at protesting Pelosi’s visit, completely ignoring Chinese warnings before her arrival.
These attacks, together with the military exercises carried out by China, were intended to simulate a real invasion of China. However, the Chinese Government has not responded to the accusations, nor has the Cyberspace Administration of China, which regulates the Internet in the country. Overall, cyber threat intelligence expert Eryk Waligora believes that there have certainly been worse attacks than this one, which, like the previous one that occurred between November and February 2021, forced several financial institutions in Taiwan to suspend online transactions, likely resulting in much more sophisticated and damaging cyber attacks./Demostat, Danas/