On the 16th, the official WeChat account of China’s State Security Department published an article titled “How Do ‘Cyber Spies’ Exploit Opportunities?” It stated that cyberspace has become an important battleground for overseas intelligence agencies conducting espionage against China, and that the cybersecurity situation is becoming increasingly severe.
The State Security Department pointed out that in recent years, overseas “cyber spies” have taken advantage of inadequate security precautions, negligence, and the pursuit of convenience in important domestic units, continuously attacking the information systems of key domestic units, departments, and enterprises through various means. They establish covert transmission channels to continuously steal important sensitive data, endangering China’s data and cybersecurity.
The article specifically mentioned that overseas “cyber spies” often use various network mapping platforms to scan in bulk for known network vulnerabilities. Once they discover that important units have not patched vulnerabilities in a timely manner, they immediately launch targeted attacks to steal data. Recently, the national security agencies found that multiple systems at a military-civil fusion enterprise, including its office platform, had high-risk security vulnerabilities because software had not been updated in time, leaving the “door wide open.” Overseas “cyber spies” discovered these vulnerabilities and exploited them to break in and implant Trojans, stealing important production and customer data from the enterprise, thereby harming China’s military equipment technology development and threatening China’s military and technological security.
The State Security Department specifically pointed out that overseas “cyber spies” pay close attention to “software supply chain” enterprises, attempting to attack them continuously through phishing emails, network scanning, and similar means, and treating system administrators, who hold system management permissions, as the primary targets for espionage.
Further analysis found that this enterprise had earlier deployed a testing device while testing a network system and had granted the device various permissions. After the testing work ended, the device was not taken offline in a timely manner and continued to run unattended. Overseas “cyber spies” seized this opportunity, using the device as a springboard to penetrate the internal network, launch cyber attacks, and steal the enterprise’s core data, resulting in the theft of important basic data concerning people’s livelihood in China.
The State Security Department emphasized that key units for anti-espionage security should strengthen daily security management of confidential matters, places, carriers, etc., and adopt physical anti-espionage measures such as isolation reinforcement, closed management, and setting up alerts. They should also take corresponding technical measures and other necessary measures in accordance with the requirements and standards of anti-espionage technical prevention to strengthen technical anti-espionage measures for key departmental locations, network facilities, and information systems. Citizens and organizations are urged to work together with national security agencies to carry out security prevention, investigation, and disposal work against cyber espionage, and to report suspected cyber espionage activities to national security agencies in a timely manner.