Friday, April 23, 2021

As Microsoft alleges its mail servers were hacked by China-sponsored hackers, a brief look into various Chinese cyber-espionage groups

China has long been suspected of funding and facilitating malicious cyber groups which engage in cybercrimes.

Just a few days ago, Microsoft reported a cyberattack on its mail server software. Microsoft has since come forward to claim that a Chinese cyber-espionage group was responsible. According to the Microsoft Threat Intelligence Center, a group named Hafnium carried out the attack. Hafnium has previously been accused of being sponsored by China and of operating out of the country. Microsoft says its attribution is based on “observed victimology, tactics and procedures”.

In recent years, China has established itself as one of the world’s foremost cyber powers. The “National Cyber Power Index 2020”, published by the Belfer Center for Science and International Affairs at Harvard University, ranks China 2nd in the world in terms of cyber power, behind only the United States. The index measures a multitude of factors, including government strategy, defensive and offensive capabilities, resource allocation, the private sector, workforce, and innovation. As far as cyber attacks go, then, China is more than capable of facilitating such operations.

Here are some of the most notorious cyber groups which are either suspected or confirmed to be Chinese-backed:

APT10 (Advanced Persistent Threat 10)

According to a report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a federal agency under the U.S. Department of Homeland Security, the Chinese-backed cyber-espionage group APT10 has been active since at least 2006. APT10’s focus is economic and commercial espionage against countries such as Japan, the U.K. and the United States. APT10 uses a variety of methods against its targets, including spear phishing, various Chinese malware families, and persistent targeting of Managed Service Providers (MSPs) as a way into their customers.

In December 2018, two Chinese hackers belonging to APT10 were charged by the U.S. Department of Justice (DoJ) with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. According to the DoJ, the two were working in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau, which shows that they were working for the Chinese government.

APT10 continues to be active and goes by a number of aliases, including MenuPass, Red Apollo, Stone Panda and Cicada.

Mustang Panda

Mustang Panda is a China-backed cyber-espionage group with a history of attacking Western NGOs that have a nexus with Chinese minority groups. The group dates back to at least 2017. Mustang Panda uses malware such as PlugX and Poison Ivy, which are in use by almost all of the Chinese-backed cyber groups operating today. Mustang Panda also relies on phishing lures that look like official documents written in the target’s native language, in order to get the target to open an attached .zip archive whose contents execute malware like PlugX when opened.

In 2020, it was reported that Mustang Panda was targeting organizations associated with the Catholic Church. At the time of these attacks, the Chinese Government and the Vatican were discussing the renewal of a 2018 accord between China and the Vatican, fuelling speculation that Mustang Panda’s activity was meant to provide insight into the negotiations between China and the Holy See.

Mustang Panda goes by a number of aliases, including RedDelta, TA416 and BRONZE PRESIDENT.

BlackTech

BlackTech is a cyber threat group that conducts cyber-espionage operations primarily in East Asian countries such as Taiwan and Japan. Known targets of BlackTech include the finance, engineering, technology and government sectors of Taiwan, Japan and Hong Kong, as well as U.S. entities with ties to East Asia. BlackTech’s attacks often make use of compromised legitimate software in order to achieve its goals.

Reports state that BlackTech remains active, using new strains of malware to attack sectors in countries such as Japan and Taiwan. In August 2020, the Taiwanese Government linked BlackTech to the Chinese Communist Party (CCP), saying that BlackTech was working for the CCP to target multiple Taiwanese government and commercial entities.

BlackTech is known by several aliases, including Palmerworm and CIRCUIT PANDA.

APT40 (Advanced Persistent Threat 40)

APT40 is a Chinese-backed cyber group that specifically focuses on countries and issues related to the South China Sea, a disputed region over which China claims territorial sovereignty. APT40 is documented to have targeted maritime, engineering and government entities of countries bordering the South China Sea. A 2018 analysis of APT40 infrastructure revealed that servers in Hainan, China were used by the group, which strongly suggests backing from the Chinese state. It is also worth keeping in mind that Hainan is an island province of China located in the South China Sea.

In September 2020, Microsoft revealed that APT40 had attempted to gain control of the cloud server but was identified and disrupted. A month earlier, the Taiwanese government had accused APT40 of targeting various Taiwanese entities. Earlier in 2020, Malaysia’s Computer Emergency Response Team (MyCERT) issued an advisory naming APT40, linking the Chinese-backed group to an espionage campaign against Malaysian officials.

APT40 goes by a number of aliases, including GADOLINIUM, Leviathan and TEMP.Periscope.

APT41 (Advanced Persistent Threat 41)

APT41 is one of the most prolific Chinese-backed cyber groups, with targets across many sectors and countries. Sectors such as healthcare, media and video games have been targeted by APT41, and its attacks have hit multiple countries, including the U.S., Japan, South Korea, India, Australia and the U.K. APT41 uses a variety of methods to attack its targets, including signing malware with stolen digital certificates, exploiting remote access, and deploying a custom malware Trojan known as Winnti.

In September 2020, in an effort to shine a light on the activities of APT41, the U.S. Department of Justice (DoJ) unsealed three indictments against five Chinese hackers and two Malaysian businessmen for a plethora of cyber crimes. The DoJ linked the activities of the Chinese hackers to a Chinese company known as Chengdu 404 Network Technology, which most likely operates at the behest of the Chinese Ministry of State Security, China’s secret police agency. The indictments state that the Chinese hackers associated with APT41 are responsible for cyber attacks against over a hundred organizations located in multiple countries.

APT41 is known by many other aliases, including Barium, Winnti, Wicked Panda and Wicked Spider.

The Chinese cyber threat is real

As evidenced by the National Cyber Power Index 2020, China is the 2nd most powerful cyber power in the world. What is even more striking is that China did not feature in the top 10 of a similar list, the Global Cybersecurity Index 2018, published by the International Telecommunication Union, a specialized U.N. agency. This indicates that China’s rise in cyber power is very recent, and that the examples of Chinese-backed cyber groups above do not fully represent China’s future capabilities, which could also be turned on India.

India was also assessed in the National Cyber Power Index 2020. Out of the 30 countries assessed, India was ranked 21st, nowhere close to our neighbour. In terms of both cyber offence and defence, India lags behind China on various indicators. This is a potential cause for concern for India, with military tensions at the Line of Actual Control having heightened in the past year. Clearly, in order to achieve parity with China, India needs to invest heavily in its cyber infrastructure and in cybersecurity across the board.


OpIndia Staff
Staff reporter at OpIndia
