Table of contents
- Phishing and malicious auto-replies
- Industrial sector targeted
- Security gaps exposed
- Government recommendations
A recent cyberattack targeted the corporate email accounts of a Chinese government agency to steal classified information. According to officials, a hostile foreign force was behind the operation. Once inside, hackers used the compromised accounts to spread malware to connected units.
Authorities acted swiftly to contain the damage, but the incident exposed major weaknesses in internal cyber security practices.
Phishing and malicious auto-replies
The attackers relied on phishing techniques and technical intrusions. Once inside, they activated hidden malicious auto-replies: anyone who emailed the compromised accounts received an infected message, becoming a new infection source.
This chain reaction expanded the campaign’s reach while spreading disinformation and raising social security risks.
Industrial sector targeted
The main target was a strategic department in a sensitive industrial sector, under surveillance by foreign intelligence agencies. If exploited, the stolen information could have gravely harmed China’s national interests.
Security gaps exposed
Investigations revealed critical flaws:
- Shared accounts with poor authorization management.
- Unencrypted terminals and outdated antivirus software.
- USB device misuse, fueling cross-infections.
Lack of staff awareness worsened the issue, with employees clicking on suspicious emails despite past data leaks.
Government recommendations
China’s National Security Agency issued strict guidelines:
- Enhance training and awareness.
- Use complex, regularly updated passwords.
- Enable multi-factor authentication (MFA).
- Ensure regular updates and antivirus scans.
Suspicious espionage activities can be reported via hotline 12339, platform www.12339.gov.cn, or the Ministry’s WeChat channel.
