The Cyber Cold War: Separating Fact from Fiction in US-China Cyber Relations

ByJane Ginn

June 2, 2024 ,
A clash of two geopolitical systems shown as flags on box cars

On April 28, 2024, ChinaDaily issued a report published by the China Cybersecurity Industry Alliance (CCIA). The CCIA works in conjunction with various Chinese government bodies, including the Cyberspace Administration of China (CAC) and the Ministry of State Security (MSS). This collaboration ensures that the CCIA’s activities and reports are in line with the government’s cybersecurity policies and strategic goals. The CCIA’s efforts are part of a broader strategy to consolidate and centralize power within the Chinese Communist Party (CCP) over the cybersecurity political bureaucracy in China.

The CCIA report was published in English as ‘US Threats and Sabotage to the Security and Development of Global Cyberspace’. This report conveys the tone and tenor of typical state-sponsored propaganda emerging from the CCP. The rhetoric was so stilted and biased that it appeared to have been generated by a large language model (LLM) that had only been trained on anti-US publications and state propaganda. The use of LLMs enhanced by retrieval-augmented generation (RAG) is a common practice in the field of artificial intelligence. This unidimensional report appears to have the characteristics of that technique which ‘trains’ the LLM model on a specific body of literature, in this case, propaganda.

The New York Times reported on May 31st that OpenAI, the developer of ChatGPT, has deleted multiple Chinese, Russian and Iranian accounts from its system because of abuse.  OpenAI claimed it “identified and disrupted five online campaigns that used its generative artificial intelligence technologies to deceptively manipulate public opinion around the world and influence geopolitics.” The Chinese campaign has been dubbed ‘Spamouflage’ after an information operations (IO) initiative exposed by Twitter (now ‘X’) and Meta in 2019 (Eib and Conlin, 2022).

The ChinaDaily introduction to the CCIA’s report claimed that the authors of the CCIA report used an empirical analysis; however, limited sources were cited. Furthermore, it claimed the use of “government documents, global cybersecurity companies, research institutions, and news media,” however, it did not include a set of references.

Since the narrative was so highly biased and since it reflected many common CCP troupes aimed at vilifying the United States I have taken on the task of countering each of their narratives.  I will document the assertions of the CCIA and provide a counter narrative on a point-by-point basis in accordance with the six sections of the report, as follows.

Narratives/Counter Narratives

The first sentence of the preface to the CCIA report claims that “Cyberspace is the home of mankind.” Yet, officially, the CCP advocates for the concept of cyber sovereignty, which emphasizes the right of each nation to govern its own Internet without external interference. This contrasts with the Western model of a free and open Internet which is more consistent with the notion of cyberspace as a home for mankind. Importantly, the Chinese cyber sovereignty argument does not comport with assertions made in the CCIA report that cyberspace is a “home of mankind.”

 CCIA Claims that the US infiltrates and subverts foreign governments via the Internet

Narrative: The report accuses the US of using the Internet to subvert foreign governments through ideological infiltration, spreading fake news, and inciting unrest.

Counter-Narrative: There are numerous academic and press accounts of well-resourced Chinese media outlets promoting subversive CCP narratives, especially in the developing world, where China seeks hegemony over critical minerals for its industrialization and expansionist agenda (Microsoft Threat Intelligence, 2023).

A case in point is the growing disenchantment by loan recipients in Kazakhstan, Namibia, Vietnam and more of the Chinese 2013 Belt and Road Initiative (BRI).   A Chinese threat actor known as NICKEL (a.k.a. APT15, APT25, KeChang) has been documented targeting organizations for economic espionage in these countries since 2016.  In addition, Microsoft (2023), Eib & Conlin of Aletha (2022), NISOS (2023) and others have documented extensive disinformation/misinformation IO operations deploying language-specific inauthentic behavior on multiple social media platforms.  Appendix A provides a list of 36 specific Chinese-affiliated media outlets throughout the BRI recipient countries around the world that are broadcasting Chinese propaganda and anti-US troupes and seeking to subvert foreign populations. 

Regardless of how China tries to spin the narrative, the BRI has been criticized for the following:

Debt Trap Diplomacy

Many reports accuse China of engaging in “debt trap diplomacy,” where developing countries are lured into taking large loans for infrastructure projects they cannot afford, leading to unsustainable debt levels. This has resulted in countries like Sri Lanka, Pakistan, and Zambia facing severe debt crises and, in some cases, having to cede control of strategic assets to China.

Corruption and Lack of Transparency

The BRI has been plagued by corruption and a lack of transparency. Numerous projects have been marred by financial irregularities, bribery, and mismanagement. For instance, the East Coast Rail Link in Malaysia and the Hambantota Port in Sri Lanka have been cited as examples where corruption and poor planning led to significant financial and operational issues.

Environmental and Social Impact

Single tree in baren landscapeEnvironmental degradation and social displacement are significant concerns associated with BRI projects. Reports highlight the negative environmental impacts of large-scale infrastructure projects, such as deforestation, pollution, and disruption of local ecosystems. Additionally, there have been instances of social unrest and displacement of local communities due to these projects.

Geopolitical and Strategic Concerns

The BRI is seen by many as a tool for China to expand its geopolitical influence. This has led to increased tensions with other major powers, particularly the United States and India, who view the initiative as a threat to their strategic interests. The China-Pakistan Economic Corridor (CPEC), which runs through the disputed region of Kashmir, is a notable example of how BRI projects can exacerbate geopolitical tensions.

Economic Viability and Sustainability

Rinsing dyed fabric in IndiaMany BRI projects have been criticized for their lack of economic viability and sustainability. Reports indicate that several projects are economically unfeasible, leading to financial losses and abandoned projects. The focus on politically motivated projects rather than economically sound ones has further exacerbated these issues.

Backlash and Reassessment

There has been a growing backlash against the BRI in many participating countries. Governments and citizens in these countries have become increasingly wary of Chinese investments due to the associated debt burdens, corruption, and lack of local benefits. This has led to the cancellation or renegotiation of several high-profile projects.

China maintains strict control over its domestic Internet through the Great Firewall, which censors content and restricts access to foreign websites within China. Chinese citizens are unable to gain access to information resources that run counter to the CCP narratives, such as those showing the level of discontent with the BRI programs, as noted above. Importantly, Chinese citizens do not have access to information about the covert activities of their own government when it engages in widespread intelligence collection, economic espionage and foreign information manipulation and interference (FIMI) against other governments, even their own strategic partners. This is part of a broader strategy to control information, maintain social stability and muffle dissent against the CCP.

The claim that the US “infiltrates and subverts” foreign governments does not consider such liberal principles as freedom of the press which reports the policy failures, espionage activities, and IO of the CCP in Western media as well as its own policy failures.

The CCIA Claims that the US performs indiscriminate cyber surveillance and espionage

Narrative: The CCIA report highlights US programs like PRISM and the NSA’s surveillance activities, which have been widely reported in Western media following Edward Snowden’s revelations. Books like “The Snowden Files” by Luke Harding provide detailed accounts of these surveillance programs, confirming some of the CCIA’s claims but also placing them in a broader context of global surveillance practices.

Counter-Narrative: China, too, has been accused of engaging in state-sponsored cyber surveillance and espionage. These activities often target intellectual property, government secrets, and critical infrastructure in other countries. A case in point is the cyber espionage activities conducted by the Chinese People’s Liberation Army (PLA) Unit 78020, (also known as the Naikon Advanced Persistent Threat (APT) group) and documented by ThreatConnect (2019).

Their 2019 report “Project CAMERASHY: Closing the Aperture on China’s Unit 78020,” provides a detailed analysis of the cyber surveillance and espionage activities of the PLA Unit 78020. Here are their key findings:

Techniques and Tools: Unit 78020 has used malicious email attachments and spear phishing campaigns to exploit its targets. These campaigns often involved customized malware designed to establish initial access and facilitate further exploitation activities. The malware used by Naikon included instructions to send stolen data to specific internet domains, such as “greensky27.vicp.net,” which were traced back to Kunming, the primary operating location of Unit 78020.

Targets: The primary targets of Unit 78020’s cyber espionage activities include government entities in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam. Additionally, international organizations such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN) were also targeted.

Attribution: The report definitively attributes the cyber espionage activities of the Naikon APT group to PLA Unit 78020. This unit had been active for nearly five years on the date of publication of CAMERASHY.  It documented how the PLA Unit 78020 employed various cyber espionage techniques to target Southeast Asian military, diplomatic, and economic sectors.

This is just one of hundreds of reports of Chinese government sponsored monitoring and surveillance campaigns conducted against foreign governments. 

The CCIA Claims that the US attacks and deters other countries in cyberspace

Narrative: The CCIA report discusses the Stuxnet virus and the US’s “defend forward” strategy. It is true, the techniques and code used in Stuxnet have influenced subsequent cyber-attacks and have been studied extensively for insights into cyber-physical security.

Counter-Narrative: More recent cyber-physical attacks have been definitively attributed to a Chinese state-sponsored threat actor known as Volt Typhoon. This APT has been identified as a Chinese hacker group targeting critical infrastructure. The group uses malicious software to penetrate Internet-connected systems by exploiting vulnerabilities such as weak passwords and outdated devices. Volt Typhoon has also conducted reconnaissance against numerous US defense contractors. Guam is one of the most frequent targets of their campaigns, particularly the satellite communications and telecommunications entities housed there.

A joint advisory from CISA, NSA, FBI, and other international partners confirmed that Volt Typhoon, a PRC state-sponsored cyber group, has compromised IT environments of multiple US critical infrastructure organizations. The advisory highlights that the group’s behavior is not consistent with traditional cyber espionage but rather aims to pre-position for potential disruptive or destructive cyberattacks on critical infrastructure.

But Volt Typhoon is not the only documented PLA unit attacking other countries in cyberspace. Circle Typhoon (a.k.a. DEV-0322) conducts a wide range of cyber activity against the US defense industrial base including resource development, collection, initial access, and credential access. Circle Typhoon often leverages VPN appliances to target IT and US-based defense contractors (Microsoft Threat Intelligence, 2023). There are many others too numerous to enumerate here.

The CCIA Claims that the US is triggering a cyber arms race

Narrative: The report claims the US is the main instigator of a global cyber arms race. According to the Chinese narrative, China uses cyber diplomacy and soft power to influence global Internet governance. This is true to some extent because they are promoting their model of cyber sovereignty in international forums such as the International Telecommunications Union (ITU) and through bilateral agreements.

Counter-Narrative: But we should contrast this soft power approach with the aggressive offensive measures taken by the hack of the U.S. Office of Personnel Management (OPM) by the PLA. This 2013 hack is a significant event in cybersecurity history, involving multiple breaches over several years and ultimately attributed to the Chinese PLA. Here is a detailed timeline of the events:

Initial Breaches and Early Detection

– November 2013: The earliest known malicious activity on OPM networks is detected. Hackers, later identified as state-sponsored actors, infiltrated the OPM systems and exfiltrated IT system manuals and architecture information, which provided a blueprint for future attacks.

– December 2013: Hackers breached two contractors, USIS and KeyPoint Government Solutions, involved in conducting background investigations for the government. This breach allowed the attackers to gain access to sensitive information.

Escalation and Major Breaches

– June 2014: USIS detected the breach of its networks and notified OPM. The information was not made public immediately.

– December 2014: Another breach was discovered at KeyPoint Government Solutions, prompting OPM to notify more than 48,000 federal employees about the potential exposure of their personal information.

Discovery and Public Disclosure

– April 2015: OPM detected a cyber-intrusion affecting its IT systems and data, which had started back in December 2014. This detection was a result of upgraded security detection and monitoring tools.

– June 4, 2015: The Obama administration publicly acknowledged the breach, revealing that the personal data of approximately 4 million current and former federal employees had been compromised. no official attribution was made at that time.

– June 12, 2015: Officials uncovered a second breach, suggesting that the OPM breach was much larger than initially expected, potentially affecting up to 18 million individuals.

– July 9, 2015: OPM concluded with high confidence that sensitive information, including Social Security Numbers of 21.5 million individuals, was stolen from the background investigation databases. This included 19.7 million individuals who applied for a background investigation and 1.8 million non-applicants, primarily spouses or co-habitants of applicants.

Attribution to Chinese PLA

– February 11, 2020: U.S. Attorney General William Barr publicly linked the OPM breach to the Chinese government, stating that the theft of personal data was part of a larger strategy by China to gain economic and intelligence advantages.

The OPM breach is a stark reminder of the vulnerabilities in government cybersecurity and the persistent threat posed by state-sponsored cyber espionage. The attribution to the Chinese PLA underscores the strategic importance of such data in international intelligence and economic competition.

The CCIA Claims that the US is using political measures to disrupt global industry and supply chains

Narrative: The CCIA report criticizes US actions like the inclusion of Chinese firms on the Entity List and the CHIPS Act.

Counter-Narrative: The Entity List, maintained by the Bureau of Industry and Security (BIS) of the US Department of Commerce (DOC), has significant implications for U.S.-China trade. As of recent updates, there are approximately 600 Chinese entities on the list, including major companies like Huawei. These entities are often involved in advanced technologies such as 5G, artificial intelligence, and military applications. The inclusion of these entities restricts their access to U.S. technologies and components, which can severely impact their operations and competitiveness.

In response to the U.S. Entity List, China has established its own “Unreliable Entities List” (UEL) to counteract activities that it perceives as threatening its national sovereignty, security, or development interests. This list aims to penalize foreign entities that discriminate against Chinese companies or disrupt their operations.

The CHIPS Act, signed into law in August 2022, aims to bolster the U.S. semiconductor industry by providing $52.7 billion in subsidies for manufacturing, R&D, and workforce development. This move is intended to reduce reliance on foreign semiconductor supply chains, particularly from China, and to address national security concerns.

Alongside the CHIPS Act, the U.S. has implemented stringent export controls to limit China’s access to advanced semiconductor technologies. These controls, updated in October 2022 and further refined in 2023, restrict the export of advanced computing chips and semiconductor manufacturing equipment to China. The goal is to prevent China from using these technologies for military modernization.

A specific case can illustrate the need for US public policy action to deter the aggressive CCP cyber policies; that of the backdoors implanted on Huawei’s 5G equipment.  US officials have claimed that Huawei has the capability to access sensitive and personal information through backdoors intended for law enforcement use. These backdoors are reportedly embedded in carrier equipment such as base stations, antennas, and switching gear.

Robert O’Brien, the US National Security Adviser, stated that Huawei has the capability to secretly access information in systems it maintains and sells globally. This access is allegedly preserved through interfaces meant for lawful interception, which are supposed to be accessible only by law enforcement with a court order.

In 2011 Vodafone discovered hidden backdoors in Huawei equipment used in its Italian business. Red and straw colored hatThese backdoors were found in home Internet routers and parts of the fixed-access network, such as optical service nodes and broadband network gateways. Vodafone identified backdoors in these components, which are responsible for transporting Internet traffic and handling subscriber authentication. The backdoors could allow unauthorized access to the network and user data. Despite assurances from Huawei that the issues were resolved, further testing revealed that the vulnerabilities remained.

A detailed analysis by Finite State found that over half of the tested Huawei firmware images contained at least one potential backdoor. The study identified hardcoded SSH keys, default usernames and passwords, and numerous critical vulnerabilities in Huawei’s firmware, which could be exploited for unauthorized access using man-in-the-middle (MitM) attacks.  Furthermore, An FBI investigation determined that Huawei equipment installed near US military bases could potentially capture and disrupt Defense Department communications, including those related to the US nuclear arsenal. This equipment was capable of capturing sensitive information and would pose a significant national security risk if installed near a US base.

The CCIA Claims that the US is sabotaging cyberspace rules and order

Narrative: The report accuses the US of undermining international cyberspace rules. This is a contentious issue, with Western sources often framing US actions as efforts to promote a free and open Internet, while critics argue that these actions can be seen as self-serving and exclusionary.

Counter-Narrative: China cannot claim to be innocent in these matters. Chinese cyber operations often focus on industrial espionage, aiming to steal trade secrets and technological innovations from foreign companies in direct violation of the Tallin Manual 2.0 on the International Law Applicable to Cyber Operations. This has been a major point of contention in US-China relations.

It appears the authors of the CCIA report were not aware of the operations of the PLA’s Third Department when accusing the US of sabotaging cyberspace rules (Jasper, 2020). Recent reports on the PLA Third Department’s offensive cyber operations provide detailed insights into the structure, capabilities, and activities of this key component of China’s cyber warfare strategy (Jarmon & Yannakogeorgos, 2018). Here are some of the key points from these reports:

Strategic Support Force (SSF) and Network Systems Department

 – The PLA’s Third Department, previously responsible for cyber espionage, has been integrated into the SSF’s Network Systems Department. This integration aims to enhance the PLA’s ability to conduct combined cyber, electronic, and psychological warfare operations.

 – The SSF consolidates various cyber capabilities, including espionage and offensive operations, under a single command structure, improving coordination and effectiveness in both peacetime and wartime scenarios.

Operational Doctrine and Capabilities

 – The PLA’s cyber operations doctrine has evolved to include both standalone cyber operations and joint information operations, which combine cyber, electronic, and kinetic attacks.

 – The Third Department’s historical focus on signals intelligence (SIGINT) and cyber reconnaissance has been expanded to include offensive cyber operations, with a particular emphasis on targeting critical infrastructure and military networks.

Cyber Espionage and Offensive Operations

 – The Third Department has been implicated in numerous cyber espionage activities, targeting a wide range of sectors including defense, energy, and telecommunications. These operations often involve sophisticated techniques to infiltrate and exfiltrate sensitive information.

 – Reports highlight the use of APTs linked to the Third Department, such as Unit 61398, which has been involved in high-profile cyber espionage campaigns against U.S. and allied targets.

Recent Incidents and Threats

 – Recent reports indicate that Chinese state-backed hackers, including those affiliated with the Third Department, have targeted critical infrastructure in the U.S., such as water, power, and communication systems. These activities are part of broader efforts to pre-position for potential disruptive or destructive cyber operations in the event of a conflict.

 – The PLA’s cyber capabilities are seen as a significant threat to U.S. national security, with the potential to cause localized, temporary disruptions in critical infrastructure sectors.

Integration with Broader Military Strategy

 – The Third Department’s activities are closely aligned with China’s broader military strategy, which views cyberspace as a critical domain for achieving information superiority and supporting military operations.

 – The PLA’s focus on “informationized” warfare underscores the importance of cyber capabilities in modern military strategy, aiming to integrate cyber operations with other forms of warfare to achieve strategic objectives.

These points underscore the growing sophistication and strategic importance of the PLA Third Department’s offensive cyber operations, highlighting the need for robust defenses and international cooperation to counter these threats.

Commentary

As we have seen in the subject CCIA report, Chinese propogandists have portrayed the US as subversive, indiscriminate, aggressive, and war-mongering saboteurs. The CCIA report adopts a highly critical and accusatory tone, framing US actions as hegemonic and disruptive. Furthermore, the CCIA report exclusively focuses on US actions, whereas Western sources typically discuss cyber activities in a broader context, including actions by other nations such as Russia, China, and Iran.

Chinese temple in AsiaThe CCIA report claims to use empirical analysis and references to various incidents and programs but provides few references. The bottom line: the CCIA report presents a one-sided view of US cyber activities, emphasizing negative impacts and framing the US as the primary aggressor in cyberspace. 

In contrast, I have presented a series of facts to counter the one-sided perspective presented in the CCIA report. I have shown that China uses aggressive cyber warfare tactics that are putting the US critical infrastructure in jeopardy. Hjortdal (2011) argues that China has three primary reasons for using cyber warfare tactics: The three reasons are:

  • deterrence through infiltration of critical infrastructure
  • military-technological espionage to gain military knowledge, and
  • industrial espionage to gain economic advantage. 

Since the publication of that article over 12 years ago we have seen China implement each of these strategies, as documented in this article.  Multiple documented critical infrastructure compromises by Volt Typhon is one, corresponding to the first bullet.  The theft of the OPM database of US security-cleared professionals is an example corresponding to the second bullet.  And the use of weaponized telecommunications equipment sold to countries around the world by Chinese telecom companies controlled in part by the CCP corresponds to the third bullet. 

In summary, we can list the following categories of activity attributable to the CCP’s PLA and beyond:

Strategic Focus on AI and Cyber Warfare: The PLA is increasingly integrating artificial intelligence into its cyber capabilities, shifting from reactive defense to proactive threat detection and countermeasures. This strategic focus is part of a broader move towards “intelligent warfare,” as outlined in China’s 2019 Defense White Paper outlining the PLA’s use of AI to enhance efficiency, adaptability, and real-time decision-making in cyber operations.

Cyber Espionage and Offensive Operations: China’s cyber capabilities are seen as a significant threat due to their extensive use of cyber espionage and offensive operations. Abstract image with word Internet in redThe PLA has developed effective offensive cyber tools for combat use. PLA writings acknowledge the existence of offensive cyber capabilities, which include reconnaissance, attack, defense, and deterrence operations.

Hybrid and Cyber Operations: China can uses hybrid (including kinetic warfare capabilities) and cyber operations, along with its confrontational rhetoric and disinformation campaigns. These operations are designed to destabilize the US and its NATO allies by targeting critical infrastructure, government services, and military activities.

Technological Advancements and Global Influence: China’s advancements in digital technology, including 5G, AI, and quantum computing, are seen as having direct security implications for the US. These technologies could potentially undermine existing encryption systems and overall cyber resilience. China’s role in global standard-setting through the ITU for emerging technologies also poses a strategic challenge to the US.

The threat from Chinese cyber activities is persistent and increasing. The activities outlined in the CCIA report, and the counter narratives presented here show that the US must continue to improve situational awareness of the Chinese cyber threat and develop comprehensive preventive response options.

Conclusion

When I established the premise for this article, I speculated that the CCIA used AI LLMs and narrowly curated RAG databases for their report as published in the ChinaDaily. Chatbots are useful tools for research; however, it is important to use caution because some poorly trained models tend to hallucinate. It is becoming more and more obvious to human readers when LLMs are the primary authors and more importantly, when RAG implementations of LLMs are highly biased.

If my supposition is true, that is, that the CCIA paper was authored by a chatbot, then I suggest that the trade association expand their use of references to include the times, dates and places where covert and overt CCP-sponsored PLA activities have taken place. If it is not true and the report was authored by living, breathing human beings, the recommendation to expand the research also holds. But then again, I do realize that access to information within China is very limited. I hope a Chinese translation of this analysis makes it past the Great Firewall.

The Chinese classic The Art of War can be interpreted as addressing the topic of hypocrisy, particularly in the context of leadership and strategy. This popular book, written by the ancient Chinese military strategist Sun-Tzu, emphasizes the importance of genuine leadership and the dangers of deceit and pretense. While it does not explicitly use the term “hypocrisy,” its teachings on sincere leadership, the avoidance of deceitful displays, and the importance of building genuine trust and unity can be interpreted as addressing the concept of hypocrisy in a strategic and leadership context.

One of the key themes in The Art of War is the necessity for a leader to be sincere and to avoid deceitful displays of strength. The text advises against “macho displays” and emphasizes that true victory should surpass the understanding of the common people, implying that superficial shows of power are not the mark of good leadership. This can be seen as a critique of hypocrisy, where leaders might pretend to be virtuous or strong without actually possessing those qualities.

The authors of the CCIA report should take heed of Sun-Tzu’s warning.

References:

Eib, C.S., & Conlin, P. (2022). Chinese Influence Operation Spreads to American Alt-Platforms. Aletha.

Eichensehr, K.E. (2022). United States Pressures China Over Human Rights Abuses. American Journal of International Law, 116, 433 – 438.

Hjortdal, M. (2011). China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence. Journal of Strategic Security, 4, 1-24.

Hussien, O., Butt, U., & Sulaiman, R.B. (2023). Critical Analysis and Countermeasures Tactics, Techniques and Procedures (TTPs) that targeting civilians: A case study On Pegasus. ArXiv, abs/2310.00769.

Ikenson, D.J. (2012). Trade Policy Priority One: Averting a U.S.-China ‘Trade War’. Law & Society: International & Comparative Law eJournal.

Jarmon, J. & Yannakogeorgos, P. (2018). The Cyber Threat and Globalization: The Impact of US National and International Security. Roman & Littlefield.

Jasper, S. (2020). Russian Cyber Operations: Coding the Boundaries of Conflict. Georgetown University Press.

Microsoft Threat Intelligence. (2023). Digital Threats from East Asia Increase in Breadth and Effectiveness. Microsoft.

Mori, S. (2019). US Technological Competition with China: The Military, Industrial and Digital Network Dimensions. Asia-Pacific Review, 26, 120 – 77.

NISOS. (2023). Chinese State-Linked Information Operation Revealed Social Media Account Takeover Potential.

Pu, X., Wang, C., & Zhou, Y. (2023). Censor and Sensitivity: How China Handles US Embassy’s Public Diplomacy in Chinese Cyber Space. Journal of Chinese Political Science, 1-23.

Ravich, S. F., & Fixler, A. (2022). The attack on America’s future: Cyber-enabled economic warfare. Foundation for Defense of Democracies.

ThreatConnect Inc. and Defense Group Inc. (DGI). (2019). Project CAMERASHY: Closing the Aperture on China’s Unit 78020.

Wan, M. (2022). International Humanitarian Law and the US-China Rivalry: National Interests and Human Rights Linkage. Asian Perspective, 46, 605 – 625.

Appendix A: Chinese Affiliated Media Sites Spreading CCP Propaganda

  • Africachdaily[.]com
    • Au123[.]com
    • Azchinesenews1[.]com
    • Br-cn[.]com
    • Ccbestlink[.]com
    • Cgw[.]gr
    • Chine-info[.]com
    • China-info24[.]com
    • Chinanews[.]se
    • Chinesetimes[.]info
    • Covusarnm.sinoing[.]net
    • Dragonnewsru[.]com
    • Europechinesenews[.]com
    • Fenghuavoice[.]ca
    • Gcmcu[.]com
    • Homevoice.co[.]nz
    • Huashangnews[.]cc
    • Jpchinapress[.]com
    • Jrlamei[.]com
    • Lianhenews[.]com
    • Livejapan[.]cn
    • Mexicohuawentimes[.]com
    • Mmgpmedia[.]com[.]mm
    • Newsduan[.]com
    • Newtimesnet[.]com
    • Offstoremedia[.]com
    • Offshoremedia[.]net
    • Ouhuamedia[.]com
    • Oushivoyages[.]com
    • Puxinbao[.]top
    • Sino-mau[.]com
    • Uschinapress[.]cn
    • Uschinews[.]com
    • Usqiaobao[.]com
    • Vps.xindb[.]com
    • Xindb[.]com
Translate »