Warning analysts have highlighted the increasing power and frequency of cyberattacks linked to Chinese intelligence as foreign governments test their response. This comes in the wake of revelations concerning a large-scale hack of British data.

Both the British and American governments disclosed that the hacking group Advanced Persistent Threat 31 (APT 31), supported by Chinese government spy agencies, has been targeting politicians, national security officials, journalists, and businesses for several years. They have been accused of carrying out cyber attacks. In the UK, hackers potentially accessed information held by the Electoral Commission on tens of millions of British voters, and cyber espionage targeted vocal MPs on the threat posed by China. Sanctions have been announced against Chinese companies and individuals involved by both the US and UK governments.

New Zealand’s government also expressed concerns to the Chinese government about Beijing’s involvement in attacks aimed at the country’s parliamentary institutions in 2021.

Analysts informed the Guardian that there are clear indications of a rise in cyberattacks believed to be orchestrated by Chinese attackers with ties to Chinese intelligence and government.

Chong Che, an analyst at Taiwan-based cyber threat analysis firm T5, stated, “Some hacking groups often rely on China to carry out attacks on specific targets, such as the recent iSoon Information incident. It’s an information security company that has a contract with intelligence agencies.” T5 has observed an increase in constantly evolving hacking activity by Chinese groups in the Pacific region and Taiwan over the past three years.

Chong also mentioned that while there isn’t enough information to directly trace activities to China’s highest leadership (with the Chinese government denying the allegations), activity can’t be discounted considering the Chinese system that does not differentiate… They believe that their objective is to infiltrate specific targets and steal critical information and intelligence, whether political, military, or commercial.

Several analysts noted that Western governments have become more willing to attribute cyberattacks to China after years of avoiding confrontation with the world’s second-largest economy.

David Tuffley, senior lecturer in cybersecurity at Australia’s Griffith University, remarked, “We’ve shifted from being less critical in the past to being more proactive, likely due to the increased threat and scale of actual intrusions. They are now a much more significant threat.” Cyberattacks are part of China’s gray zone activities, actions that approach but do not reach the threshold of war.

Tuffley highlighted that while much of the cyber activity is regionally focused on Taiwan and countries in the South China Sea with territorial claims, the cyberattacks are widespread. China aims to cause instability in the target country and test adversary defenses, rather than engage in violent war.

Tuffley warned of the risk of escalation, noting that other governments like the US and UK also possess sophisticated cyber espionage capabilities but have not publicly threatened action against China. US authorities charged individuals with conducting cyberattacks in violation of US law, suggesting a deep level of knowledge about the attacks.

Adam Marais, chief information security officer at Arctic Wolf, commented, “If you’ve been involved in cybersecurity for many years, this report from UK authorities won’t surprise you at all. Beijing continues to view cyber as a natural extension of its national strategy and has little fear of using cyber technology to advance its national interests.”