Secret contracts and secret missions that are not customary to talk about out loud.
A recent report by Sekoia's team and cybersecurity expert Colin Shawan reveals a multi-layered system of cyberattacks supported by Chinese government agencies. The document, titled "The Three-Beat Waltz: China's Ecosystem of State-Sponsored Cyber Threats," details the coordinated work of military, state, and civilian entities coordinated by the Chinese Communist Party.
The main "pillars" of China's cyber espionage activities are the People's Liberation Army of China (PLA), the Ministry of State Security (MGB) and the Ministry of Public Security (MOB). Each of these actors has its own functions and harmoniously complements each other. If earlier the PLA was responsible for cyber operations as part of military tasks, then since 2021 the MGB has seized the initiative.
The PLA, with its significant cyber capabilities, is focused on achieving information superiority on the world stage. The MGB, in turn, relies on an extensive network of regional offices and cooperation with private companies to conduct espionage and counterintelligence. This tactic allows China to hide the direct involvement of the state by resorting to the services of private contractors.
China's cyberattack strategy goes beyond traditional state structures. Since the 1990s, patriotic hackers have supported the government by attacking foreign targets on their own. Over time, the authorities began to integrate these groups into state operations, which became part of the national "Civil-Military Fusion" strategy initiated by Xi Jinping in 2015.
Of particular concern is the existence of a "custom hacker" market, where government agencies contract with private companies to carry out cyber operations. The so-called I-SOON leaks have demonstrated that contractors at the regional level play a key role in this system. This confirms that the provincial and city structures of the MGB and the Ministry of Public Security have considerable autonomy in conducting cyberattacks.
Competitions like the Tianfu Cup allow citizen hackers to be brought in to identify vulnerabilities that are then exploited in government operations. The closed nature of Chinese cybersecurity and the ban on sharing vulnerabilities with the international community contribute to the accumulation of unique tools within the country.
Sekoia's analysis highlights that China continues to blur the lines between public and private cyber operators. This complicates the attribution of attacks and requires a rethink of approaches to cybersecurity.
Source
A recent report by Sekoia's team and cybersecurity expert Colin Shawan reveals a multi-layered system of cyberattacks supported by Chinese government agencies. The document, titled "The Three-Beat Waltz: China's Ecosystem of State-Sponsored Cyber Threats," details the coordinated work of military, state, and civilian entities coordinated by the Chinese Communist Party.
The main "pillars" of China's cyber espionage activities are the People's Liberation Army of China (PLA), the Ministry of State Security (MGB) and the Ministry of Public Security (MOB). Each of these actors has its own functions and harmoniously complements each other. If earlier the PLA was responsible for cyber operations as part of military tasks, then since 2021 the MGB has seized the initiative.
The PLA, with its significant cyber capabilities, is focused on achieving information superiority on the world stage. The MGB, in turn, relies on an extensive network of regional offices and cooperation with private companies to conduct espionage and counterintelligence. This tactic allows China to hide the direct involvement of the state by resorting to the services of private contractors.
China's cyberattack strategy goes beyond traditional state structures. Since the 1990s, patriotic hackers have supported the government by attacking foreign targets on their own. Over time, the authorities began to integrate these groups into state operations, which became part of the national "Civil-Military Fusion" strategy initiated by Xi Jinping in 2015.
Of particular concern is the existence of a "custom hacker" market, where government agencies contract with private companies to carry out cyber operations. The so-called I-SOON leaks have demonstrated that contractors at the regional level play a key role in this system. This confirms that the provincial and city structures of the MGB and the Ministry of Public Security have considerable autonomy in conducting cyberattacks.
Competitions like the Tianfu Cup allow citizen hackers to be brought in to identify vulnerabilities that are then exploited in government operations. The closed nature of Chinese cybersecurity and the ban on sharing vulnerabilities with the international community contribute to the accumulation of unique tools within the country.
Sekoia's analysis highlights that China continues to blur the lines between public and private cyber operators. This complicates the attribution of attacks and requires a rethink of approaches to cybersecurity.
Source
