21 October 2021, London/Amsterdam: There are clear indicators and factors pointing to more overt and confident cyber behaviour from the Chinese Communist Party (CCP), which is highly likely to be coupled with large-scale and continuous offensive cyber operations, according to a report published by cyber threat intelligence company SecAlliance. The report provides a detailed analysis of the CCP Five-Year Plan (FYP), its implications for the cyber threat landscape and how it will drive China’s actions.
Published in March 2021, the FYP’s stated purpose is to frame the nation’s social and economic goals over the next five years, and its language revolves around internal innovation, research and development. SecAlliance analysts have assessed the priorities of the FYP, the underlying factors that shape it and what this means in relation to the Chinese cyber threat.
Behind public declarations of economic goals, the FYP has a dual strategy: to reduce foreign leverage over Chinese interests, while simultaneously expanding and deepening Chinese social, political and economic influence internationally. This drives the sectors that China’s cyber operations are directed at, as well as the types of information that are prioritised and targeted.
SecAlliance believes the CCP’s cyber activity will be focused on steering, blocking and undermining core economic activity such as M&As and building supply chains to extend their influence and to undermine western efforts.
Looking further ahead, the CCP’s strategy is likely to be centred around pulling the global community away from western technologies, systems and institutions and promoting Chinese solutions. The attempted large-scale rollout of Huawei products is a good example of this strategy in action.
Although it is typically more associated with Russian threat actors, SecAlliance expects to see Chinese actors use cyber intrusions to facilitate ‘information operations’, via the leaking of stolen information in addition to continued abuse of social media to steer their own narrative. Though this may be used for election interference, it is more likely to be used to undermine Western initiatives, global standing and influence.
“The tempo and scale of Chinese cyber activity will almost certainly continue to increase in order to match the size of the CCP’s ambitions,” said Rob Dartnall, Head of Intelligence at SecAlliance. “The priority will be on information collection and pre-positioning for future attacks, but information operations and even disruptive operations are likely to manifest in the medium-to-long term. The collection of intellectual property is essential to bolstering political and economic competitiveness in key sectors, so it is likely that CCP’s targeting will be directed at critical national infrastructure, government and military entities as well as supply chains.”
The report suggests that to track individuals of interest to the CCP such as politicians, businesspeople, dissidents and journalists, Chinese actors will continue to collect Personally Identifiable Information (PII). Sectors like telecommunications are likely to be targeted more frequently to closely monitor the movements and conversations of these targets.
Financial services are also likely to be in the spotlight, as China seeks to develop in areas such as blockchain, while also extricating itself from western-aligned financial systems, such as SWIFT.
“To breach organisations, Chinese threat actors will continue to utilise the supply chain as the weak point in many networks and a valuable source of aggregated information,” says Dartnall. “The resources and expertise available to Chinese intelligence also enable the development of exploits for widely deployed systems on the perimeter edge. As a result, it is likely that there will be more attacks akin to the exploitation of Microsoft Exchange in March 2021.”
Less obvious avenues to acquire access to systems are also available to the CCP. This includes the placement of personnel within organisations who can access corporate information and report back to Beijing. Often, this can be achieved by bringing new laws that compel foreign organisations to have individuals associated with the CCP working for them.
The full report is available to download from the SecAlliance website.
Formed in 2007, SecAlliance is a global cyber threat intelligence product and services company with clients that include governments, central banks, healthcare, financial services, manufacturing, transportation, energy, research and Critical National Infrastructure.
Our cyber threat intelligence team is made up of seasoned intelligence professionals with diverse backgrounds, ranging from conventional intelligence, law enforcement, consulting, research and academia, to technical, software development and penetration testing.
SecAlliance provides intelligence that is gathered, analysed and curated by intelligence experts with real world experience. We pride ourselves on the quality of our intelligence product and services, and the strong relationships we build with our clients and partners. We help clients manage and reduce cyber risks and continuously build relevant cyber security strategies and improve their cyber resilience.