Chinese Threat Intelligence: Part Three

In part three of Viking Sec's series on Chinese threat intelligence, we look at how China evolved from starving farmers into APT1.

As a short recap, so far we’ve discussed the importance of nationalism in the Chinese threat landscape. We began in part 1, by explaining the importance of the Great Leap Forward and Cultural Revolution in the public’s perception of the government, both past and present. In part 2, we moved on to explain what that nationalism looks like now, in a modern, more privatized China. In this part, we are arriving at the destination of the modern Chinese threat.

From Starving Farmers to APT1

It cannot be overstated how much China has changed since the Great Leap Forward. While we are hardly speaking about a totally free, capitalist liberal democracy, the political and cultural landscape is very different. Mao demonized intellectuals during the Great Leap Forward, thinking them to be inherently opposed to the state and thus a danger to the government. Now, intellectuals are the cultural heads of society, a position they never could have held in Mao’s anti-Confucian, anti-intellectual age.

The embrace of education was paired with the Reform and Opening Up and growing investment in national infrastructure. Westernization led to the internet, and the internet led to a booming tech sector and culture. China faced a lot of obstacles as they leapt into the tech and internet world years late. They were behind the curve, especially in R&D. They were throwing money into infrastructure and were pretty new at the whole private industry thing. Many hardliners fought increased privatization, saying that private companies couldn’t get ahead without state control.

So, China took a very… unique try at catching up to tech giants like the US and Europe. They knew their challenges. China was unsure of where they stood, with far-right democratic absolutists and far-left Maoists and Marxists fighting for control of the government in order to put forth their version of state-owned or private economic systems. They were also combating various political issues on unrelated but related fronts, such as the continuing Taiwanese and Hong Kong independence movements, a rising ‘dissident’ group in the Falun Gong (different story, but very interesting), a population of equally politically confused citizens, and a myriad of other issues.

So what is China, a third-world country trying to climb to global power, a decade or more behind the technical curve, to do in such a situation?

They cheat.

State-sponsored cyber events in China, besides the patriotic Honker Union but often including veterans of the group, are often centered around economic espionage. These activities included the theft of intellectual property or information allowing for insider trading with foreign companies. This infamously included the theft of designs of the F-35, then copied (laughably obviously) into the Chinese J-20.

This was not limited to defense equipment, though. Another oft-discussed case is that of an American wind turbine company that pivoted its business to China after a large eco-centric bill was passed in ’05. The company had heard the rumblings of IP theft being traced back to Chinese companies, so it protected its code from the beginning. Soon, it found this was to no avail: the almost inevitable theft directly resulted in billions in lost share value and the firing of over 600 employees.

You see, China knew they were behind. Whether it was military technology like the F-35 or eco-friendly energy alternatives like wind turbine tech, China was facing an academic, financial, and experience curve that would take at least a decade, and billions of dollars, to crest. They were behind in terms of diplomatic experience, which resulted in the targeting and hacking of military and government entities. The Chinese were using their newfound tech to steal more newfound tech, their newfound diplomatic ties to influence more newfound diplomatic ties.

The Role of Nationalism in Chinese Cyber Actors

We’re still seeing the occasional website defacements after major political upheaval between the US and China. However, they have moved on to a much more cost-efficient strategy. Aside from a few notable examples, most notably the APT1 group reported by Mandiant, most or many of these attacks are being traced back to Chinese “private” companies themselves. Oftentimes these corporations are formally private but run by, say, former PLA officials or CPC members.

These companies are being used as shells. They benefit from the theft of IP in the form of improved products, technical infrastructure, et cetera, but the ultimate beneficiary is likely the government, likely in the form of kickbacks, share ownership, or even more likely simply the added prestige of a burgeoning tech industry and growing economy. China knows it wins if its private industry thrives. In the eyes of the West, still the ever colonial power of centuries before, capitalism is a sign that China is falling in line, and if their private industry thrives, it gives the appearance that the state is leaning more towards a free market economy and is learning from its mistakes.

The nationalism mentioned before has taken the form of an “army” of patriotic businessmen and tech professionals, going to college (likely with scholarships) or technical academies specifically to fight for the international prestige that comes from a cheating system. They may have misgivings about the new capitalist system, or they may not, but they know that the intentional sabotage and theft of Western national security and economic secrets directly leads to a heightened prestige of the homeland. It also offers a safe living, with tech wages in many cases overtaking wages in the medical profession.

Slowly but surely, the tiger moms of China are beginning to push keyboards into their children’s hands, instead of violins and pianos. They are filling out applications to tech-centric colleges instead of medical schools. The next generation of APT actors may be doing it for the money or the safety, but many of them are doing it out of a sense of duty to country, and certainly are not turning down the chance to help out the government when approached. They see the mutual benefit of stealing trade secrets. PLA units like APT1 know they are fighting the next generation war against the West, and right now, I can’t say that we are winning…

The awesome image used in this article is called "The Three Storms" and was created by Dan Shearn.