Law Enforcement

Answer

Supporting Evidence

Central Asia: Report accuses Chinese hackers of attacking Uzbek Foreign Ministry’s servers

1. https://eurasianet.org/central-asia-report-accuses-chinese-hackers-of-attacking-uzbek-foreign-ministrys-servers

Supplementary Notes

Cyber Espionage on Afghanistan, Kyrgyzstan and Uzbekistan by Chinese-speaking Hacker Group Link

1. https://blog.checkpoint.com/security/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/

Answered by Farkhod Tolipov, and has been reviewed by Ani Kintsurashvili

Answer

Supporting Evidence

"Since late February, Chinese cyber-actors have been launching cyber-attacks against government and military networks in Ukraine, Russia and Belarus (2022) Link China’s computers hacked to launch cyberattacks on Russia, Ukraine and Belarus (2022) Link"

1. https://www.bbc.com/news/technology-60983346
2. https://dig.watch/updates/chinas-computers-hacked-to-launch-cyberattacks-on-russia-ukraine-and-belarus

Answered by 1 anonymous expert, and has been reviewed by Ani Kintsurashvili

Answer

Supporting Evidence

In my country, there are reports of cyber-attacks targeting government, critical infrastructure or companies that were suspected to have come from the PRC. Therefore, this indicator deserves "yes" response.

1. https://n9.cl/rfotd
2. https://n9.cl/03ru1
3. https://n9.cl/cdjlft

Supplementary Notes

The government of costa rica considers the Chinese government to be a higher risk government than a country that is not in the process of accession or has acceded to the Budapest Convention (See video link at minute 01:16:01).

Answered by 1 anonymous expert, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

A group of cyber attacks were detected on the system of the Organismo Supervisor de las Contrataciones del Estado (OSCE). A spy entered the platform managed by said entity to provide information on proposals presented to Chinese construction companies. Therefore, this indicator deserves a “Yes” response.

1. https://gestion.pe/peru/politica/espionaje-en-osce-habria-permitido-que-constructoras-chinas-ganen-millonarios-contratos-con-el-estado-rmmn-noticia/?ref=gesr

Answered by Jack Lo Lau and Jorge Jesús Chávez Ortíz, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

The most notable case is related to a Chinese company that used a Hongkong subsidiary to perform a massive cyberattack to the digital vaults of the bank. Most of the funds couldn’t be found, but the legal registry In Hong Kong showed that these companies and their owners had their headquarters in Mainland China. Chile is among the most targeted countries in the region in terms of cybersecurity attacks, but the source of the attacks is not often disclosed since the country receives million of attack attempts a year. Therefore this indicator deserves a "Yes" response.

1. https://www.elmostrador.cl/noticias/pais/2023/12/09/mas-de-740-000-ciberataques-en-2023-en-chile-la-mayoria-de-hackers-chinos/
2. https://www.latercera.com/pulso-pm/noticia/empresas-y-corporaciones-chilenas-recibieron-mas-de-740-mil-ciberataques-entre-enero-y-septiembre-mas-de-la-mitad-fue-a-bancos/JJU6PTDZXVG5VAC4IZ2BGTZL5Q/

Supplementary Notes

Banco de Chile Cybertattack (2018): Link; on the background of the companies involved: Link

1. https://www.24horas.cl/economia/policia-de-hong-kong-detiene-a-sospechoso-por-millonario-ciberataque-a-banco-de-chile-2793449
2. http://www.economiaynegocios.cl/noticias/noticias.asp?id=497084

Answered by Sascha Hannig Núñez, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

In 2023, the head of the National Elections Council (CNE) mentioned that there was an attack on telematic voting from China and other countries.

1. https://www.infobae.com/america/america-latina/2023/08/20/el-consejo-electoral-de-ecuador-confirmo-un-ataque-cibernetico-en-su-sistema-de-voto-en-el-extranjero/

Answered by Paúl Mena Mena, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

"Attackers on underground forums are also actively looking for African "drops"—individuals who participate in fraudulent schemes for illicit income. For example, requests for drops in Nigeria, Senegal, Algeria, and South Africa were found in Telegram channels."

1. https://www.ptsecurity.com/ww-en/analytics/africa-cybersecurity-threatscape-2022-2023/

Answered by 1 anonymous expert, and has been reviewed by Filip Noubel

Answer

Supporting Evidence

The number presumably linked to China is growing

1. https://www.numerama.com/cyberguerre/1247800-cyberespionnage-la-chine-est-tres-active-contre-la-france.html

Answered by 1 anonymous expert, and has been reviewed by Filip Noubel

Answer

Supporting Evidence

In Bangladesh, the financial sector confronts an average of 630 cyberattacks daily, with 24% originating from China, 12% from Russia, and 13% from North Korea. Also, hackers associated with China's Ministry of State Security (MSS) have attacked 17 different countries including Bangladesh from 2021 to 2023.

1. https://www.thedailystar.net/supplements/digital-transformation-bangladeshs-financial-industry-2023/news/cybersecurity-challenges-bangladeshs-financial-sector-3475851
2. https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html

Answered by 1 anonymous expert, and has been reviewed by Filip Noubel

Answer

Supporting Evidence

Lithuanian intelligence agencies have been reporting on the malicious use of Chinese cyber capabilities observed in Lithuania since at least 2020. Therefore, this indicator deserves a "Yes" response.

1. https://www.vsd.lt/wp-content/uploads/2022/04/ANGL-el-_.pdf
2. https://kam.lt/wp-content/uploads/2023/03/Assessment-of-Threats-to-National-Security-2022-published-2023.pdf

Answered by Konstantinas Andrijauskas, and has been reviewed by Vida Mačikėnaitė-Ambutavičienė and Linas Didvalis

Answer

Supporting Evidence

There have been reports (including from the New York Times) that the Chinese hacked the Bulgarian Foreign Ministry along the foreign ministries of other European countries. The hacking of the system that issues covid certificates was said to have been conducted also from Chinese locations, among others. There haven't been more recent cases. Therefore, this indicator deserves a yes response.

1. https://bntnews.bg/bg/a/113406-kitajski_hakeri_atakuvat_evropejski_vynshni_ministerstva
2. https://bnr.bg/horizont/post/101545783/spored-informacionno-obslujvane-balgaria-e-obekt-na-golama-kiber-ataka

Answered by Rumena Filipova, and has been reviewed by Matej Šimalčík

Answer

Supporting Evidence

According to Trend Micro, at least one organization has been impacted by a phishing attack since 2022 initiated from China. The identity of the affected organization is not known. Therefore, this indicator deserves a "Yes" response.

1. https://hvg.hu/tudomany/20240320_kinai-hackerek-apt-earth-krahang-muvelet-kormanyzati-szervek-elleni-tamadasok-adathalasz-phishing-tamadas
2. https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html#

Answered by 1 anonymous expert, and has been reviewed by Kristina Kironska

Answer

Supporting Evidence

Belgium’s cyber security agency has linked China-sponsored hackers to an attack on a prominent politician, who is known to be critical of China in Human Rights issues (Samuel Cogolati). At least four other members of the national parliament have fallen victim by the same hacking collective. Also the Ministry of Defence as well as the Ministry the Interior has fallen victim to a cyber attack by - allegedly - Chinese hackers.

1. https://www.ft.com/content/5c32261c-b1a6-488e-9002-0ca9e0c8ff1b
2. https://www.vrt.be/vrtnws/nl/2024/04/25/els-van-hoof-hacking-china/
3. https://www.vrt.be/vrtnws/nl/2022/07/19/belgie-beschuldigt-chinese-hackers-van-cyberaanvallen-op-defensi/

Answered by 1 anonymous expert, and has been reviewed by Richard Turcsányi

Answer

Supporting Evidence

MEP Miriam Lexmann was targetted by cyberattacks linked to Chinese government.

1. https://www.politico.eu/article/china-targeted-european-lawmakers-cyberattacks-washington-says/

Answered by Matej Šimalčík, and has been reviewed by Richard Turcsányi

Answer

Supporting Evidence

Politicians targeted by APT31. Several reports of municipalities being targeted.

1. https://www.svt.se/nyheter/inrikes/svenskars-routrar-har-utnyttjats-av-kinesisk-hackergrupp
2. https://kinacentrum.se/wp-content/uploads/2022/11/statliga-kinesiska-paverkanskampanjer-mot-demokratin-i-svenska-kommuner.pdf

Answered by 1 anonymous expert, and has been reviewed by Richard Turcsányi

Answer

Supporting Evidence

Uncovered in spring 2013, a large-scale spying of the IT networks at the Finnish Ministry for Foreign Affairs focused on data traffic between Finland and the European Union and is believed to have continued for four years. A more recent large-scale cyberattack targeting the Finnish Parliament with the Finnish Security Intelligence Service (FSIS) revealing for the first time that the attack was of PRC origin. Chinese shippinig vessel is suspected of causing the disruption of an underwater gaspipe line.

1. https://www.mtvuutiset.fi/artikkeli/itameren-kaasuputki-ja-kaapelivauriot-aiheutti-yksi-laiva-arvioi-hybridiosaamiskeskuksen-savolainen/8802852
2. https://www.is.fi/digitoday/tietoturva/art-2000010319962.html

Answered by 1 anonymous expert, and has been reviewed by Richard Turcsányi

Answer

Supporting Evidence

In their most recent report on the "espionage threat" against Denmark, the Danish Police Intelligence Service warns that the "threat primarily emanates from Russia and China", adding that "China has substantial cyber espionage capabilities and poses a constant threat to Danish authorities and companies." Moreover, the report also claims "that China may use any Danish dependency on Chinese components as a means of pressure in case of major deterioration of the bilateral relations between China and Denmark." Moreover, members of the parliament have been hacked.

1. https://pet.dk/en/-/media/mediefiler/pet/dokumenter/analyser-og-vurderinger/vurdering-af-spionagetruslen-mod-danmark/vurdering-af-spionagetruslen-mod-danmark-2023_uk_web.pdf
2. https://nyheder.tv2.dk/politik/2024-05-15-politikere-maaber-efter-orientering-om-hackingsag

Answered by 2 anonymous experts, and has been reviewed by Kristina Kironska

Answer

Supporting Evidence

The National Cyber Security Centre said its assessment shows China-backed actors targeted parliamentarians and the Electoral Commission. Irish cybersecurity officials have identified China as a potential threat in terms of cyber attacks. In 2023, Ireland's National Cyber Security Centre reported a significant increase in cyber investigations, with China mentioned as a concern.

1. https://www.irishnews.com/news/uk/cyber-security-agency-says-china-behind-malicious-cyber-attacks-on-uk-M44DSXJ7PFOKBC4NOBKIH7VZJ4/
2. https://www.ncsc.gov.ie/
3. https://www.irishexaminer.com/news/arid-41406017.html

Answered by 2 anonymous experts, and has been reviewed by Richard Turcsányi

Answer

Supporting Evidence

Chinese hackers several times targeted websites of the Turkish Embassy in China, Turkish Foreign Ministry, other ministries, private enterprises and Turkish Uyghur groups and individuals. The reason for most of the attacks are related to China’s treatment of its Uyghur population which has close cultural, linguistic and religious links with Turkey. Therefore, this Indicator deserves a "Few, significant" rating.

1. https://www.chip.com.tr/haber/cin-den-turkiye-ye-hacker-saldirisi_13971.html
2. https://siberbulten.com/sektorel/trky/cinli-hacker-grubunun-turk-devlet-kurumlarina-saldirdigi-ortaya-cikti/
3. https://www.hurriyet.com.tr/teknoloji/turkiyeye-cirkin-saldiri-12073764
4. https://www.dw.com/tr/yemeksepeti-hackerlar%C4%B1-konu%C5%9Ftu-20-milyondan-fazla-ki%C5%9Finin-verileri-elimizde/a-59893203

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

More than anything else, there are allegations, especially coming from US institutions, regarding threats or cyberattacks coming from PRC-affiliated sources. Therefore, the indicator deserves a "Few" and "Insignificant" rating.

1. https://www.iai.it/sites/default/files/iaip2152.pdf

Answered by 1 anonymous expert, and has been reviewed by Mădălina Voinea and Sorin Ionita

Answer

Supporting Evidence

The PRC has been accused by the Dutch secret service of being responsible for multiple cyber-attacks on the country within recent years. This is potentially one of the reasons that secret service have deemed the PRC to be the greatest threat to Dutch economic security in 2022.

1. https://www.volkskrant.nl/nieuws-achtergrond/chinese-staatshackers-drongen-binnen-bij-nederlandse-overheid-dankzij-wereldwijd-citrix-lek~b27bb767/

Answered by 1 anonymous expert, and has been reviewed by Mădălina Voinea and Sorin Ionita

Answer

Supporting Evidence

In the Western mass media and specialized cyber media, information about cyber attacks against Ukraine, which are blamed on representatives of China, periodically appears.

1. https://www.theguardian.com/technology/2022/apr/01/china-accused-of-launching-cyber-attacks-on-ukraine-before-russian-invasion
2. https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/

Answered by 1 anonymous expert, and has been reviewed by Mădălina Voinea and Sorin Ionita

Answer

Supporting Evidence

There are reports from the cybersecurity agency in Spain mostly aiming at enterprises.

1. https://www.interior.gob.es/opencms/pdf/archivos-y-documentacion/documentacion-y-publicaciones/publicaciones-descargables/publicaciones-periodicas/informe-sobre-la-cibercriminalidad-en-Espana/Informe_cibercriminalidad_Espana_2021_126200212.pdf
2. https://www.epe.es/es/tecnologia/20230907/son-lockbit-piratas-detras-ciberataque-91815151

Answered by Hernan Alberro, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Over the last few years, there has been a series of cyber attacks targeting government, critical infrastructure and enterprises from PRC based actors. The attacks have been numerous and have targeted multiple sectors be it government, private, critical infrastructure and as such, these are significant in terms of the impact they have on these sectors.

1. https://www.moneycontrol.com/news/business/china-based-threat-actors-target-uidai-aiims-icmr-shows-cybersecurity-advisory-10769631.html
2. https://economictimes.indiatimes.com/tech/technology/india-most-targeted-country-by-cyber-attackers-report/articleshow/104989856.cms
3. https://web.archive.org/web/20240109051337/https://www.moneycontrol.com/europe/?url=https://www.moneycontrol.com/news/business/china-based-threat-actors-target-uidai-aiims-icmr-shows-cybersecurity-advisory-10769631.html
4. https://web.archive.org/web/20240109051450/https://economictimes.indiatimes.com/tech/technology/india-most-targeted-country-by-cyber-attackers-report/articleshow/104989856.cms

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

PlugX, a strain of malware connected to the Chinese Ministry of State Security has been found in Nigeria. Therefore, this Indicator deserves a “More than a Few” rating. 15 countries were found to account for over 80% of the total infections — led by Nigeria, India, Iran, Indonesia, the United States. Therefore, this Indicator deserves an “Significant” rating.

1. https://web.archive.org/web/20240309020619/https://therecord.media/african-telecom-targeted-by-chinese-hackers
2. https://therecord.media/plugx-malware-infections-more-than-170-countries

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

South African companies and the government has been repeatedly hacked by Chinese entities to steal trade secrets. Therefore, this Indicator deserves a "more than a few" rating, but their impact has been low or if otherwise it has not been reported, so it deserves an "Insignificant" rating.

1. https://www.dailymaverick.co.za/article/2022-04-20-empire-of-hacking-south-africa-caught-in-the-middle-of-us-china-spying-spat/
2. https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html
3. https://www.securityweek.com/chinas-offensive-cyber-operations-in-africa-support-soft-power-efforts/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

In December 2020, the technology staff of the African Union (AU) received a tip from Japanese cyber researchers. They investigated and discovered that a group of suspected Chinese hackers had installed servers in the basement of an administrative annex. The hackers were secretly stealing surveillance videos from across the AU's large campus in Addis Ababa, the capital of Ethiopia.

1. https://www.reuters.com/article/idUSKBN28Q1EA/
2. https://www.theverge.com/2018/1/29/16946802/china-african-union-spying-hq-cybersecurity-computers-backdoors-espionage

Answered by 2 anonymous experts, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is one documented instance of cyber attack and espionage targeting the Kenyan government which is suspected to have originated from the PRC. Therefore, this Indicator deserves a "Few" response. A 2023 Reuters investigation claimed Chinese hackers targeted key ministries and state institutions. Therefore, this indicator deserves an "Significant" rating.

1. https://www.reuters.com/world/africa/chinese-hackers-attacked-kenyan-government-debt-strains-grew-2023-05-24/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Suspected cyberattacks from the PRC have been reported. Private experts and firms, such as Microsoft, have identified cyberattacks on Singapore originating from the PRC, though there has been no official attribution. News reports suggest that PRC state-linked hackers, Volt Typhoon, were responsible for a hack of Singapore’s main telecommunications provider, SingTel, in June 2024.

1. https://asia.nikkei.com/Spotlight/Asia-Insight/Suspected-China-cyberhack-on-Singapore-is-a-wake-up-call-for-Asia
2. https://www.synergiafoundation.org/insights/analyses-assessments/singapore-s-most-serious-cyberattack
3. https://www.businesstimes.com.sg/international/vast-cyber-espionage-campaign-linked-china-report
4. https://thediplomat.com/tag/singapore-cyberattack/
5. https://thediplomat.com/2017/03/singapore-reveals-cyber-attack-on-defense-ministry/
6. https://www.todayonline.com/singapore/singhealth-cyberattack-likely-be-state-sponsored-medical-data-goldmine-hackers-say-experts
7. https://www.scmp.com/news/asia/southeast-asia/article/2156211/singapore-hit-cyberattack-health-data-15-million-people
8. https://www.channelnewsasia.com/singapore/cybersecurity-csa-phishing-ransomware-ai-3578216
9. https://www.straitstimes.com/singapore/database-of-securities-investors-association-singapore-hacked-in-2013-csa
10. https://sias.org.sg/latest-updates/press-statement-update-on-sias-data-breach/
11. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW
12. https://www.straitstimes.com/singapore/singapore-law-firm-shook-lin-bok-hit-by-cyber-attack-allegedly-paid-189-million-in-ransom
13. https://www.cybersecuritydive.com/news/marina-bay-sands-singapore-cyberattack/699170/
14. https://www.todayonline.com/singapore/cyberattack-caused-7-hour-internet-outage-hit-public-hospitals-polyclinics-attacks-continuing-synapxe-2297036
15. https://www.fca.edu.sg/blog/top-major-cyber-attacks-in-singapore/
16. https://www.straitstimes.com/business/chinese-group-accused-of-hacking-singtel-in-telecom-attacks
17. https://www.theregister.com/2024/11/06/chinas_volt_typhoon_breached_singtel/
18. https://www.reuters.com/technology/cybersecurity/china-state-linked-group-accused-hacking-singtel-bloomberg-news-reports-2024-11-05/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

PRC has contantly utilizing state resources to conduct cyber attacks to Taiwan. According to the U.S.-based cybersecurity firm Trellix, there was an increase in attacks in May 2023 when the tension between Taiwan and PRC spiked. They also observed the malicious cyber activity from PRC rose significantly from 1,758 detections on January 11 to over 4,300 on January 12, 2024.

1. https://www.trellix.com/blogs/research/china-taiwan-tensions-spark-surge-in-cyberattacks-on-taiwan/
2. https://www.trellix.com/blogs/research/cyberattack-on-democracy-escalating-cyber-threats-immediately-ahead-of-taiwan-2024-presidential-election/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

The Government of the Czech Republic says there is evidence of the cyberattacks coming from the PRC, but no major case directly connected to the PRC is known.

1. https://ekonomickydenik.cz/cesko-celi-nepratelskemu-hybridnimu-pusobeni-hrozbou-jsou-kyberutoky-dezinfo-kampane-ekonomicky-natlak-a-sabotazni-a-zpravodajske-aktivity-varuje-strategie/

Answered by 2 anonymous experts, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Vietnam has been a target of cyber attacks by hacker groups attributed to the PRC in previous years. Cybersecurity threatscape of Asia: 2022–2023

1. https://www.securityweek.com/chinese-cyberspies-target-military-organizations-asia-new-malware/
2. https://www.ptsecurity.com/ww-en/analytics/asia-cybersecurity-threatscape-2022-2023/
3. https://www.wired.co.uk/article/china-hack-emails-asean-southeast-asia

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

In 2021, Nepal Telecom was subjected to a terrible ""cyber attack"" from China. In 2019, Nepal detained 122 Chinese for suspected cyber crime and bank fraud. In 2023, there were massive attacks on the Nepali cyber space as cyber attacks resulted in disruptions of hundreds of government websites across the country

1. https://cio.economictimes.indiatimes.com/news/digital-security/nepal-telecom-call-details-stolen-by-chinese-hackers/84366457#:~:text=New%20Delhi%3A%20Nepal%20Telecom%20has,the%20call%20details%20of%20Nepalis.
2. https://www.reuters.com/article/us-nepal-china-crime-idUSKBN1YS0AP
3. https://kathmandupost.com/national/2023/01/30/singha-durbar-server-continues-to-face-cyberattacks

Answered by Sriparna Pathak, and has been reviewed by Amish Mulmi

Answer

Supporting Evidence

In 2015, Russia and China signed an agreement of mutual non-aggression in cyberspace. However, Chinese hackers, backed by the government or acting independently, have been attacking Russian critical infrastructure and companies for years. In 2023, attacks targeted several Russian companies, including telecom operators, software designers, and vendors. According to Kaspersky (an antivirus software development company), in the first seven months of 2016, Chinese hackers attacked Russian defense, nuclear, and other critical infrastructure 194 times.

1. https://www.forbes.ru/tekhnologii/484840-group-ib-rasskazala-o-napadenii-kitajskih-hakerov-na-rossijskij-it-sektor
2. https://www.vedomosti.ru/technology/news/2022/03/11/913049-kitai-soobschil-o-massovih-hakerskih-atakah-na-rossiyu
3. https://safe.cnews.ru/news/top/2022-05-04_kitaj_bez_obyasneniya_prichin
4. https://www.cnews.ru/news/top/2021-08-05_kitajskie_hakery_v_techenie

Answered by 1 anonymous expert, and has been reviewed by another 3 anonymous experts.

Answer

Supporting Evidence

Yes, cyber attacks originating in the PRC have been reported.

1. https://web.archive.org/web/20210720043446/
2. https://www.beehive.govt.nz/release/new-zealand-condemns-malicious-cyber-activity-chinese-state-sponsored-actors
3. https://web.archive.org/web/20210719185430/
4. https://www.nzherald.co.nz/nz/government-accuses-china-of-state-sponsored-cyber-attacks/MUJBE7NQJ34YYOJVMD3LPGWCGY/
5. https://web.archive.org/web/20231023052410/
6. https://www.rnz.co.nz/news/world/490642/nz-warned-after-chinese-hackers-target-critical-us-infrastructure-intelligence-agencies

Answered by Catherine Churchman, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

From a report by the US, it is reported that Chinese hackers targeted military and civilian organisations in several Southeast Asian nations, including Malaysia, particularly those with similar territorial claims or strategic infrastructure projects.

1. https://www.scmp.com/news/asia/australasia/article/3190775/south-china-sea-us-firm-accuses-chinese-hackers-targeting

Answered by 2 anonymous experts, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

The attacks by BlackTech were reported. Therefore, this Indicator deserves a "Yes" response.

1. https://www3.nhk.or.jp/news/html/20230928/k10014208601000.html
2. https://www.npa.go.jp/bureau/cyber/koho/caution/caution20230927.html

Answered by Yuki Moritarni, and has been reviewed by Maiko Ichihara and Ryohei Suzuki

Answer

Supporting Evidence

In the era of Moon Jae In's leadership, there were several hacking cases, 27.9% of which were carried out by China. PRC-connected entities operating unauthorized facilities in South Korea. Investigations reveal suspected Chinese secret police stations in Seoul and Jeju Island. The South Korean Foreign Ministry and security authorities are actively investigating these facilities, believed to be part of China's efforts to monitor and repatriate its citizens abroad. For further details, refer to South China Morning Post, Korea JoongAng Daily, and The Korea Times.

1. http://www.newdaily.co.kr/site/data/html/2020/10/07/2020100700155.html
2. https://www.scmp.com/week-asia/people/article/3224646/south-korea-investigates-secret-chinese-police-stations-after-claims-2-more-being-uncovered-jeju
3. https://koreajoongangdaily.joins.com/2022/12/21/national/diplomacy/korea-china-secret-police/20221221150922831.html
4. https://www.koreatimes.co.kr/www/nation/2022/12/120_342086.html

Answered by Muhammad Zulfikar Rakhmat, and has been reviewed by Yeta Purnama

Answer

Supporting Evidence

There was a spamouflage campaign allegedly from China targeting dozens of Canadian MPs including PM Trudeau and the oppositon party leader.

1. https://www.ctvnews.ca/politics/trudeau-poilievre-among-dozens-of-mps-targeted-by-china-linked-spamouflage-campaign-1.6612872

Answered by 1 anonymous expert, and has been reviewed by Terry Glavin

Answer

Supporting Evidence

Yes, China has extensively penetrated virtually all Cambodian government digital presence etc.

1. https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/
2. https://therecord.media/chinese-apt-groups-target-cambodian-organizations

Supplementary Notes

Chinese APT Targeting Cambodian Government Unit 42 has identified malicious Chinese APT infrastructure masquerading as cloud backup services. Monitoring telemetry associated with two prominent Chinese APT groups, we observed network connections predominately originating from the country of Cambodia, including inbound connections originating from at least 24 Cambodian government organizations. We assess with high confidence that these Cambodian government entities were targeted and remain compromised by Chinese APT actors. This assessment is due to the malicious nature and ownership of the infrastructure combined with persistent connections over a period of several months.

Answered by Bradley J. Murg, and has been reviewed by another 2 anonymous experts.

Answer

Supporting Evidence

The Office of the Director of National Intellgience assesses that "China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks." Therefore, this Indicator deserves a "More than a few" rating. China's cyber hacking is estimated to cost the United States nearly $100 billion annually. Therefore, this Indicator deserves a "Significant" rating.

1. https://www.cnn.com/2023/07/12/politics/china-based-hackers-us-government-email-intl-hnk/index.html
2. https://www.dni.gov/files/ODNI/documents/assessments/ATA-2023-Unclassified-Report.pdf
3. https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
4. https://www.cyfirma.com/outofband/china-ip-theft-report/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

The German domestic intelligence services (BfV) states that in 2022, suspected state or state-controlled Chinese actors continued to carry out targeted cyber attacks on companies, authorities and private individuals as well as against political institutions (the main actors being the groups APT 15 and APT 31).

1. https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/verfassungsschutzberichte/2023-06-20-verfassungsschutzbericht-2022.pdf?__blob=publicationFile&v=7

Answered by Angela Stanzel, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

The Sellafield nuclear site was reported to have been hacked into by cyber groups closely linked to Russia and China. While this was reported in December 2023, the breaches have started as far back as 2015. In August 2023, it was reported that Russian and Chinese hackers have breached the Foreign Office's internal systems, which gave the access to the day-to-day business of the government department. In 2020 and 2021, the UK and its allies repeatedly condemend China for conducting malicious cyber activity. In 2022, the MI5 and the FBI held a joint press conference warning Western businesses of the cyber security threat posed by the CCP. There is, therefore, reason to rate this Indicator as 'More than a few'. Given the attacks may have breached Sellafield's system and have breached the Foreign Office's system, the sensitive nature of the targets warrants a 'Significant' rating.

1. https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china
2. https://inews.co.uk/news/russian-chinese-hackers-foreign-office-cyber-attack-secret-public-2541644
3. https://globalnews.ca/news/10148825/britain-denies-sellafield-nuclear-site-cyber-attack-report/
4. https://www.ncsc.gov.uk/news/uk-condemns-chinese-cyber-attacks-against-businesses-governments
5. https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking
6. https://lordslibrary.parliament.uk/china-security-challenges-to-the-uk/#heading-4

Answered by Leo Shaw, and has been reviewed by Sam Dunning and Andrew Yeh

Answer

Supporting Evidence

Evidence shows that the Australian government has been targeted by cyber espionage campaigns from the PRC aimed at extracting sensitive information, including defense and energy. These campaigns have persisted for several months and continue to resurface. Additionally, during the G7 summit in May 2023, Australian leader and government officials were subjected to malware attacks originate from the PRC. Considering that these targets were either in sensitive areas or held high-level positions, and the information was collected over several months and multiple actions, this Indicator deserves a “Significant” rating.

1. https://www.csoonline.com/article/573535/chinese-cyber-espionage-campaign-targeted-australia-south-china-sea-energy-sector-says-study.html
2. https://www.skynews.com.au/australia-news/chinese-cyber-attack-on-australia-targets-defence-and-energy-information-in-monthslong-hack/news-story/23f55f01c93e7b5827f20bf48cfdef67
3. https://www.cybersecurityconnect.com.au/policy/9199-g7-leaders-targeted-by-china-based-hackers

Answered by Leo Shaw, and has been reviewed by Kevin Mooney and Andrew Yeh

Answer

Supporting Evidence

In Israel, there are few reports on cyber attacks, primarily involving Iranian attacks "known to operate on behalf of Chinese state interests."

1. https://www.timesofisrael.com/us-israeli-cyber-firm-uncovers-massive-chinese-backed-industrial-espionage-ring/

Answered by The Institute for National Security Studies (INSS), and has been reviewed by another 1 anonymous expert.

Answer

Not Found

Answered by Valeri Chechelashvili, and has been reviewed by Ani Kintsurashvili

Answer

Not Found

Supplementary Notes

Latvia calls on China to stick to international cyberspace rules Link

1. https://eng.lsm.lv/article/society/crime/latvia-calls-on-china-to-stick-to-international-cyberspace-rules.a413570/

Answered by Una Aleksandra Berzina-Cerenkova, and has been reviewed by Ani Kintsurashvili

Answer

Not Found

Supplementary Notes

In 2013, Kaspersky Lab’s Global Research & Analysis Team discovered a large-scale cyber-espionage network which they called “Red October.” It was able to infiltrate important state and non-state substructures (including diplomatic, governmental and scientific research organizations in different countries, mainly of Eastern Europe and the former USSR) and initiate an elaborate cyber-espionage even retrieving deleted files, in case they were of any interest to the creators of the virus. According to Kaspersky, evidence indicated that the cyber-espionage campaign was active starting from 2007 before being detected in 2013. Armenia made the top ten most infected list with ten cases of infection with the virus. There are plausible traces indicating China’s involvement. Parts of the used technology could be linked to programs used against Tibetan activists and are assumed to be used by China's special services. Link

1. https://www.evnreport.com/politics/armenia-at-the-center-of-state-sponsored-cyber-attacks

Answered by Artak Kyurumyan, and has been reviewed by Ani Kintsurashvili

Answer

Not Found

Supplementary Notes

"Most hacker attacks on Azerbaijan come from USA, China and Russia" Link

1. https://musavat.com/news/azerbaycana-en-cox-haker-hucumlari-abs-cin-ve-rusiyadan-olur_199190.html?d=1

Answered by 2 anonymous experts, and has been reviewed by Aksana Akhmedova

Answer

Supporting Evidence

No evidence was found.

Supplementary Notes

In October 2020, U.S. government officials revealed that suspected Chinese hackers were behind a series of attacks on entities in Russia, India, Ukraine, Kazakhstan, Kyrgyzstan, and Malaysia. Link As part of the campaign, different groups of Chinese hackers have compromised telecom operators in countries including Turkey, Kazakhstan, India, Thailand, and Malaysia, according to four sources. Link Kazakhstan: President pins week-long cyberattacks on foreign-based plotters. Link

1. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
2. https://www.reuters.com/article/idUSKCN1VQ1A4/
3. https://eurasianet.org/kazakhstan-president-pins-week-long-cyberattacks-on-foreign-based-plotters

Answered by Danil Bekturganov and Tatyana Sedova, and has been reviewed by Aksana Akhmedova

Answer

Supporting Evidence

No evidence was found.

Answered by Umedjon Majidi, and has been reviewed by Aksana Akhmedova

Answer

Not Found

Supplementary Notes

In October 2020, U.S. government officials revealed that suspected Chinese hackers were behind a series of attacks on entities in Russia, India, Ukraine, Kazakhstan, Kyrgyzstan, and Malaysia. Link About 100,000 Kyrgyzstanis became victims of cyber attacks in 2021. Link

1. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
2. https://24.kg/english/256859_About_100000_Kyrgyzstanis_become_victims_of_cyber_attacks_in_2021/

Answered by 1 anonymous expert, and has been reviewed by Ani Kintsurashvili

Answer

Not Found

Supplementary Notes

No evidence was found.

Answered by 1 anonymous expert, and has been reviewed by Aksana Akhmedova

Answer

Not Found

Supplementary Notes

No new evidence was found.

Answered by 1 anonymous expert, and has been reviewed by Aksana Akhmedova

Answer

Not Found

Supplementary Notes

Link The China-Arab Cooperation Initiative on Data Security, jointly announced by China and member states of the Arab League (AL) last year as a result of the initiative, makes the Arab world the first region in the world to do so, he said. Lebanon, a member state of the AL, welcomed the initiative in the first instance, "which demonstrates the high degree of consensus on cyber security and digital governance between China and Lebanon as well as Arab nations," the Chinese envoy said.

1. https://english.news.cn/20220617/4dd4d725ccaf4c5889146821bd70325b/c.html

Answered by 2 anonymous experts, and has been reviewed by Aksana Akhmedova

Answer

Not Found

Supplementary Notes

Chinese hackers cyber-attack Mongolia with a digital Coronavirus malware Link Chinese APT suspected of supply chain attack on Mongolian government agencies Link This Chinese hacking group pwned a bunch of Mongolian government sites Link For instance, in 2018, a Chinese hacker group broke into the National Information Center in Mongolia, according to a recent investigation from Kaspersky Lab and further data supplied by CyberScoop, the attackers permitted dangerous malware to be deployed on government websites. Link

1. https://www.cybersecurity-insiders.com/chinese-hackers-cyber-attack-mongolia-with-a-digital-coronavirus-malware/
2. https://www.zdnet.com/article/chinese-apt-suspected-of-supply-chain-attack-on-mongolian-government-agencies/
3. https://cyberscoop.com/apt27-mongolia-kaspersky/
4. https://a24na.com/archives/45486

Answered by Dulamkhorloo Baatar, and has been reviewed by Ani Kintsurashvili

Answer

Supporting Evidence

Despite Mexico is one of the most affected latin american countries by cyber-attacks, there is no form to prove these attacks are coming from the PRC. Therefore, this Indicator deserves "No" response.

1. https://www.animalpolitico.com/tendencias/ciencia-tecnologia/mexico-tercer-pais-latinoamerica-con-mas-ciberataques

Answered by 1 anonymous expert, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon

Answered by Alonso Illueca, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

There is no evidence of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by Team Fundación Andrés Bello - Centro de Investigación Chino Latinoamericano

Answer

Supporting Evidence

no

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

No publicly available reported cases

Answered by Stefan Vladisavljev and 1 anonymous expert, and has been reviewed by Kristina Kironska

Answer

Supporting Evidence

There is no observation of the indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

In 2019 the Ministry of Health reported a ransomware cyber attack which took place against four Romanian hospitals: "Victor Babeș" - Bucharest, Huși, Dorohoi and Alba, based on reports by the Romanian Intelligence Service. Allegedly the hackers were from the PRC, but not necessarily linked with the regime. Since then, no such activity has been reported from that direction, as most of the attacks are associated with Russia

1. https://romania.europalibera.org/a/sri-suspecteaza-hackerii-care-au-atacat-spitalele-romanesti-sunt-de-origine-chineza/30012594.html
2. https://www.agerpres.ro/justitie/2019/06/21/sri-autorii-atacurilor-cibernetice-de-la-spitale-de-origine-chineza--329721

Answered by 1 anonymous expert, and has been reviewed by Mădălina Voinea and Sorin Ionita

Answer

Supporting Evidence

If cyberattacks happen in Moldova, they are usually traced back to Russia or non-affiliated hackers

Answered by 1 anonymous expert, and has been reviewed by Mădălina Voinea and Sorin Ionita

Answer

Not Found

Answered by Hernan Alberro, and has been reviewed by Javier Melendez

Answer

Supporting Evidence

There was a cyber attack to the Electoral Court in 2021 but there was no mention regarding where it came from.

1. https://www.dw.com/es/ente-electoral-de-bolivia-sufre-ciberataque-tras-elecciones/a-56822240

Answered by Hernan Alberro, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

The government has suffered cyberattacks but no reports connected them with the PRC.

Answered by Hernan Alberro, and has been reviewed by Julieta Heduvan

Answer

Supporting Evidence

Pakistan and China cooperate on cyber security. Threats, disinfo and hacking threats are reported to have come from India or groups in Europe funded by the Indian govt.

1. https://www.aljazeera.com/news/2020/12/11/eu-ngo-report-uncovers-a-15-year-disinformation-campaign

Answered by Shahzeb Jillani, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Evidence suggests active cyber-espionage activities by Chinese hackers targeting Afghan entities. Reports by cybersecurity firms like Check Point and Recorded Future reveal attempts by Chinese hacker groups to infiltrate networks of key Afghan institutions, indicating China's strategic interest in the region, especially post-U.S. withdrawal.

1. https://www.securityweek.com/china-intensified-attacks-major-afghan-telecom-firm-us-finalized-withdrawal/
2. https://www.voanews.com/a/east-asia-pacific_voa-news-china_chinese-hackers-attacked-afghan-council-network-cybersecurity/6207719.html

Answered by Rahimullah Kakar, and has been reviewed by Niva Yau

Answer

Not Found

Answered by Temur Umarov, and has been reviewed by Niva Yau

Answer

Not Found

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Not Found

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the indicator phenomenon.

Supplementary Notes

Alleged cyberattack against the Estonian Foreign Ministry took place began in 2010 but reached its zenith in 2013-2014

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by Ernest Mudzengi and 1 anonymous expert, and has been reviewed by Andronicus Sikula and Dr. Obert Hodzi

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by Andronicus Sikula

Answer

Supporting Evidence

Thus far, this has not been reported.

Answered by 2 anonymous experts, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by Ricardo Ferrer Picado, and has been reviewed by Hernan Alberro

Answer

Supporting Evidence

There is no observation of the indicator phenomenon.

1. https://www.prensa-latina.cu/2023/10/26/investigan-presunto-ataque-cibernetico-a-parlamento-uruguayo
2. https://www.paymentmedia.com/news-6794-uruguay-publican-datos-del-hackeo-a-geocom.html

Answered by Ricardo Ferrer Picado, and has been reviewed by Hernan Alberro

Answer

Supporting Evidence

There is no observation of the indicator phenomenon.

Answered by Eric Lemus, and has been reviewed by Julio Martinez and Alvaro Cruz

Answer

Supporting Evidence

As early as 2015, experts observed advanced persistent cyberattacks and cyber espionage suspected to be China state-sponsored hackers against ASEAN nations, including the Philippines. This was after the Philippines brought its South China Sea against China before the international tribunal. Therefore, this Indicator deserves a “More than a few” rating. Among these was Naikon, which conducts cyber espionage in Southeast Asian countries to gather geopolitical information on the South China Sea by attacking civilian and government agencies, including military networks. With the extent of the cyberattacks breaching even the supposedly secure military and intelligence networks, therefore, this Indicator deserves a “Significant” rating.

1. https://www.benarnews.org/english/news/indonesian/computer-hack-03022023141922.html
2. https://www.ndcp.edu.ph/towards-a-cyber-defense-strategy-in-the-philippines/
3. https://www.bworldonline.com/the-nation/2023/03/15/510874/hontiveros-casts-doubt-on-ngcp-nica-cybersecurity-agreement-with-china-in-the-picture/
4. https://www.rappler.com/technology/china-hackers-earth-preta-target-asia-pacific-philippines-spear-phishing-campaign/

Supplementary Notes

In March 2023, the National Grid Corporation of the Philippines (NGCP) and the National Intelligence Coordinating Agency (NICA) entered into an agreement to strengthen cybersecurity in the country. But Senator Risa Hontiveros doubted the deal would be effective given that the NGCP is effectively controlled by China. NGCP is 60-percent owned by Filipino companies Monte Oro Grid Resources Corp. and Calaca High Power Corp, while the remaining shares are held by the State Grid Corp. of China. 

Answered by 1 anonymous expert, and has been reviewed by another 3 anonymous experts.

Answer

Supporting Evidence

There is no indicator of the said phenomenon.

Answered by Pravit Rojanaphruk, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

In Myanmar, there are no reports of cyber attacks targeting government, critical infrastructure, or enterprises suspected to be initiated from the People's Republic of China (PRC). This absence may be attributed to the ongoing process of digitalization within the Myanmar government and critical infrastructure.

Answered by 1 anonymous expert, and has been reviewed by another 2 anonymous experts.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by Abdou Rahim Lema, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by Tomé Bambo, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

There are no specific reports that highlight this, but there are several articles that mention hacking attempts originating from China to target the Indonesian government. For example, there is an article that mentions that the elections in Indonesia were attacked by hackers from China.

1. https://www.bloomberg.com/news/articles/2019-03-12/indonesia-says-poll-under-attack-from-chinese-russian-hackers

Answered by Muhammad Zulfikar Rakhmat, and has been reviewed by Yeta Purnama

Answer

Supporting Evidence

In 2021, China hacked dozens of Saudi public and private sector groups. The massive cyber attack appears to be part of a long-term spying strategy in the area of technology and business competition and advancement, rather than a desire to harm any of the target countries or businesses.

1. https://nepalnews.com/s/global/china-s-cyberattack-on-israel-iran-and-saudi-arabia
2. https://www.indianarrative.com/world-news/chinese-hackers-launch-another-cyberattack-on-middle-eastern-countries-23586.html
3. https://www.jpost.com/international/china-hacks-israel-saudi-to-collect-info-for-tech-business-advances-676326

Answered by Muhammad Zulfikar Rakhmat, and has been reviewed by Yeta Purnama

Answer

Supporting Evidence

There is no observation of the Indicator phenomenon.

Answered by Muhammad Zulfikar Rakhmat, and has been reviewed by Yeta Purnama

Answer

Answered by 1 anonymous expert, and has been reviewed by

Answer

Supporting Evidence

Some indicators suggest that Greece has become a target of cyberattacks, especially after the Russian invasion of Ukraine, since it is a NATO member. However, there is not enough evidence in order to attribute those cyberattacks to PRC affiliated groups. Therefore, a definite answer to this Indicator cannot be provided.”

1. https://blog.checkpoint.com/security/cyber-attacks-from-chinese-ips-on-nato-countries-surge-by-116/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.

Answer

Supporting Evidence

Cyber attacks focusing on intelligence or industrial/economic espionage have increased. Nonetheless, while the threat from China is acknowledged and recognized, firm evidence cannot be provided. Therefore, a definite answer to this Indicator cannot be provided.

1. https://visao.pt/exameinformatica/noticias-ei/internet/2022-02-22-ciberespionagem-portugal-apt15/
2. https://rr.sapo.pt/noticia/mundo/2021/07/19/ue-denuncia-ciberataques-de-grande-escala-realizados-a-partir-da-china/246683/

Answered by 1 anonymous expert, and has been reviewed by another 1 anonymous expert.