DECODED – Did China Help Moscow Hack Ukraine & Share Critical Intelligence Before The Russian Invasion?

According to the intelligence memos obtained by Ukraine’s security service, the SBU said that the Chinese government launched cyber-attacks targeted at 600 websites belonging to the government and other key institutions, the British daily newspaper The Times reported.

The security agency alleged that China appeared to have had advance notice of the invasion because the attacks began before the end of the 2022 Winter Olympic Games held in Beijing and escalated the day before Russian troops invaded Ukraine on February 24th.

In February, at the onset of the Winter Olympics, the Chinese premier Xi Jinping hosted the Russian delegation led by President Vladimir Putin and issued a joint statement declaring that the bonds between the two countries had “no limits”.

Xi and Putin also opposed the further expansion of NATO. Shortly after this, the SBU said that there was an increase in Computer Network Exploitation (CNE) attacks targeted at Ukrainian military and nuclear targets for reconnaissance and espionage.

While Russia is believed to have conducted numerous cyber-attacks on Ukraine in the lead-up to the invasion, the SBU said it also detected hacks that had the attributes of the cyber warfare unit of the People’s Liberation Army.

Vladimir_Putin_and_Xi_Jinping
File Image: Vladimir Putin and Xi Jinping

“Intrusions that are of particular concern include the CNE campaigns directed at the State Nuclear Regulatory Inspectorate, and the Ukrainian Investigation Website focused on Hazardous Waste,” read one memo. “This particular CNE attack by the Chinese cyber program included the launch of thousands of exploits with attempts pointed to at least 20 distinct vulnerabilities.”

The SBU said other targets of the attacks included border defense forces and the national bank. The attempts were designed to steal data and explore ways to disrupt or shut down defense and civilian infrastructure, the SBU added.

Cyberspace is an important aspect of the Chinese geopolitical outlook and China’s military strategy emphasizes cyber capabilities as an area that the People’s Liberation Army (PLA) should invest in and use on a large scale.

For over a decade, China has been working aggressively towards informatization of the PLA which means enhancing military capabilities for new age warfare based on information technology.

In December 2015, Beijing created the PLA Strategic Support Force (PLASSF) as a counterpart to the US Cyber Command Centre that would effectively combine the PLA resources in the field of cyber, space and electronic warfare. The PLASSF is under the direct command of the Central Military Commission which gives President Xi Jinping complete control.

xi-jinping
File Image: Xi-Jinping

The PLA has the capability to employ cyber warfare in support of military operations, such as by establishing information dominance in the early stages of a conflict by targeting network-based Command and Control (C2) centers, C4IRS and logistics of the adversary thereby hindering its mobilization and deployment of troops.

In the past, China has been known to have conducted a flurry of cyber-attacks targeting India’s critical infrastructure during border tensions that led to a military standoff between the armed forces of the two countries.

According to Jayadev Ranade, ex-Additional Secretary, R&AW, “Deception, stealth, ingenuity and evasion of war are the principles China follows. Cyberwarfare fits well into this school of thought. The integrated cyber security and technology firms with the PLA units to create cyber battalions within PLA.”

Ranade said that as per information obtained a few years ago, an estimated 50,000 analysts in Chengdu, China are solely stationed to probe and focus on India and its repertoires, including cyberspace.

China is said to be conducting passive surveillance of the Indian cyber networks. Chengdu hosts the headquarters of the Western Theatre Command of the PLA that is responsible for the entire Indian frontier from Ladakh to Arunachal Pradesh.

However, the case of Ukraine is much different than India as China does not have any dispute or conflict with Ukraine. China, being a staunch Russian ally, has not publicly declared its support or opposition to the war in Ukraine.

China-spy
For representational purpose only.

Also, according to some other experts, the Chinese outlook on cyberspace differs from that of Russia and therefore collaboration between the two countries is highly unlikely.

China tends to employ cyber espionage to gather intelligence and steal intellectual property and trade secrets, rather than disrupt and harm the networks and operations of critical infrastructure.

“Generally, when we talk about China in cyberspace, we’re talking about cyber espionage more than cyberattacks,” said Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School.

For example, Chinese cyber-attacks in past have allegedly targeted US nuclear facilities for information on American nuclear weapons and the F-35 Joint Strike Fighter program of which the hackers managed to copy large amounts of data. Furthermore, Russia itself has formidable cyber capabilities and so it is unlikely that Moscow would ask for China’s assistance in this regard.

“I find it unlikely that the Russians would enlist China’s help with that,” said Michael Daniel, president and CEO of Cyber Threat Alliance.

“Russia has so much [cyber] capability on its own … it’s difficult for me to imagine that kind of collaboration,” Daniel further added. Meanwhile, the UK government is investigating the allegations brought out by The Times. A UK government spokesperson said: “The National Cyber Security Centre is investigating these allegations with our international partners.”

That said, the major powers such as the US, India and other partner nations in the Pacific Quad Dialogue – Australia and Japan – are growing increasingly wary of growing development in China’s cyber capabilities.

The EurAsian Times reported in late March about the Senior Cyber Group, comprising officials from four countries, meeting in Sydney for discussions on cybersecurity cooperation and agreed on a new plan to boost cybersecurity protection and resilience between Quad member countries.