Page:ISC-China.pdf/148

CHINA

385. The cyber threat from China emanates principally from the Ministry of State Security and the PLA. These organisations are almost certainly responsible for ***, and their cyber activity is closely correlated with the Chinese government's economic and military development goals.^[1]

     APT10

     APT10^[2] is one of the best-known Chinese hacking groups, and has carried out numerous malicious cyber campaigns on behalf of the Chinese Ministry of State Security (MSS). *** it has targeted government, defence, mining, information technology, *** with victims identified worldwide, including in Europe, Asia, and the United States ***. ***.^[3]

     In 2016, *** it was detected that there had been a large-scale compromise of a number of Managed Service Providers (MSPs) (companies which provide IT and network support, including hosting emails). The attack, widely known as 'Cloud Hopper', facilitated economic and strategic espionage.

     The UK Government publicly attributed the Cloud Hopper MSP campaign to APT10 in December 2018, linking the group explicitly to the MSS. This was the first time that HMG had publicly named elements of the Chinese government as being responsible for a cyber campaign.^[4]

386. China's sophisticated cyber capabilities could, in theory, be employed to conduct a cyber attack against UK infrastructure. ***. In the words of NCSC:

     on cyber attacks that [the Chinese] undertake, ***.

     *** they use their intelligence capabilities very much for ***. They do have offensive cyber capabilities. *** exercising those cyber capabilities *** … around the blurring of some of their capabilities … I think absolutely we're alive to them using cyber as a means to enable HUMINT and the other way round and so work very closely together to sort of make sure that ***.^[5]