Chinese Threat Intelligence: Part 2

In part two of this three-part series on Chinese threat intelligence, we learn about Chinese nationalism and the Chinese nation-state hacking scene.

In Part 1, we discussed the patriotic nature of the initial Chinese hacking culture. It was rooted in politics from the beginning, and as we will continue to see, it keeps evolving along with the political environment. Contrast this with Western hacker culture, which, with limited exceptions, began apolitically as more of a maker culture.

This is largely because of politicians themselves. Western nationalism largely doesn’t have to be nurtured to continue or to rise, and while the rise of movements like the Alt-Right has harbored some sort of (albeit twisted) nationalism, this kind of movement is different in China. Chinese nationalism is a strange creature, as China as a nation has existed in many different forms. It has existed under many different dynasties, as a broken nation in civil war, and as a Communist revolutionary nation.

China has also shown the ugliest side of nationalism in the form of blind revolution that led to rampant starvation, violent and murderous revolutionary Red Guards, and an economic stagnation and decline that set the nation back decades during the Cultural Revolution and Great Leap Forward. The most disastrous period in China’s history was driven by a kind of almost religious nationalism put forth by Chairman Mao.

Nationalism has long been seen as a political weapon for those in the Chinese political elite. They used it to combat the Taiwanese, Hong Kong, and Tibetan independence movements, using nationalist messaging to stir up anger against pro-freedom movement protestors. This is how we arrived in the environment surrounding the Hainan Island incident. The Chinese government took a disaster that was clearly the fault of the Chinese pilot and used it as a PR weapon.

After the initial reports of the Hainan Island incident aired, the state-controlled media immediately stirred up public fury around the incident. They flipped the situation against the facts, insisting that the Americans were the ones that had been ‘hotdogging’ around the Chinese pilot, despite the significantly larger size of the American plane compared to the Chinese one. They also drummed up anger about the mere existence of an American plane in the ‘sovereign Chinese airspace’ of the South China Sea.

When protests inevitably began outside of American consulates and embassies, the security reaction was… less than authoritarian. There were even reports that local governments were bussing protestors out to the embassy. When the less-than-sincere apology came, the state-run media neglected to air it for hours, despite the protests.

Rise of the Private Industry… And APTs

After the death of Chairman Mao, China was a nation in a full state of crisis. Famine had destroyed the nation’s population and morale, relocation policies had destroyed the nation’s academia, and Maoist policies had left the country’s GDP at a fraction of other developed nations. This brought in an era of economic reform, and with it, the dreaded capitalist privatization. While it turned Maoists a very patriotic shade of red, Deng Xiaoping’s, and later Xi Jinping’s, era of economic reform and privatization allowed the Chinese economy to grow at a level most economists did not think possible.

Privatization, a burgeoning and swiftly growing economy, and renewed investment in academia and STEM research led to a growing technology structure. President Deng and Xi also invested in infrastructure, including nationwide internet branching out from population centers like Beijing and Shanghai. The latter developed into a center of economic westernization, leading to a city containing one of the largest populations of Starbucks per square mile, hosting multiple Gucci and Prada outlets, and a bustling underground market system that sells anything from knockoff drones to fake Beats by Dre headphones.

Chinese people by-and-large embraced the Westernization, especially as it came with a growing economy and better economic and educational opportunities for the new generations. While many Red Guard, Maoist types existed in the general population, much of the newer generation grew up in fear of the Red Guard and remembered Mao’s Dynasty as a time of suffering. The new economic reform period, known as the Great Reform and Opening Up, meant a change in culture and economic structure.

Okay, enough about economics and cultural change. You’re here for threat intelligence! You may have missed it, but you have been reading an important piece of it all along. As I mentioned, Mao, Deng, and Xi all have used nationalism as an important tool for affecting public sentiment. This is much easier in China, as the majority of the media is state run, and thus is more of a PR wing for the Communist Party. Deployment of hackers against dissidents in Hong Kong, Taiwan, and Tibet was as easy as demonizing the dissenters and airing coverage of cyber attacks by ‘mysterious’ hackers against them, while issuing a ‘stern no-no’ to anybody who ‘might be thinking about’ launching cyber attacks against ‘enemies of the state’.

In America, it’s often joked that criminal hackers are caught, arrested, and promptly ‘recruited’ into federal service, often rumored to be in exchange for leniency and a shorter sentence. In China, it’s very different. Hackers from the Honker’s Union of China found their way into successful, state-funded startups after warring against enemies of the state and passing on intelligence to the government. There, you commit crimes for the feds and end up with a cushy private job. There’s also the military route, as the PLA has a strong cyber unit and is much closer to China’s government, as seen in the retired military officials filling the ranks of the CPC. Personal work in a developing industry like cyber security can go a long way when turning in a resume for a political position, and government seats are often filled by private tech business owners, or CEO seats filled by Party officials.

This Reform and Opening Up led to a cultural and economic reform the likes of which the world has never seen, but it also ‘Opened Up’ the doors for patriotic hackers to join the ranks of the military, the Communist Party, and private industries… which would later become the backbone of some of the most advanced APTs we have ever seen.

Want to know more about how this backbone grew into the fierce dragon we see in today’s threat landscape? That’ll have to wait for Part 3. Here is what you can take from Part 2 of this series:

  • The news is used as an arm for deployment in China. Watch the news, and you see the Shepherd. Listen to the Shepherd, and you will know what the Sheep will do.
  • Patriotism is a dangerous driving force. This is true anywhere, but especially in China. If you suspect a Chinese threat actor, there is some form of nationalism behind it.
  • As global conflict continues, expect a rise in nationalist hacking from China.
  • I’ll cover this more later on, but this patriotic behavior didn’t stop with Mao and doesn’t limit itself to Sino-US relations. It heavily affects Taiwan, India, Tibet, Hong Kong, South Korea, and others. If you could see China demonizing a group or nation, they likely are, and it is likely leading to patriotic cyber attacks.

The awesome image used in this article is called Lo Pan and it was created by Ryan Brinkerhoff.