China has also been blamed for cyberattacks on multiple Indian critical infrastructure like the 2021 attack on India’s power and telecommunication infrastructure, hacking attempt on India’s vaccine makers, Bharat Biotech and Serum Institute of India, and the 2022 power grid incident in Ladakh
Krutika Patil
United States House of Representatives Speaker, Nancy Pelosi’s visit to Taiwan in August 2022 led to a slew of threatening acts by China, including military exercises near Taiwan, and targeted cyber operations.
The primary objective of these cyberattacks was to disrupt or interfere in order to weaken the confidence of the government and create chaos. These cyber operations can be categorized into three types—low impact Distributed Denial-of-Service (DDoS) attacks and data leaks; cyber-enabled disinformation operations; and cyber espionage. The Office of the President, Foreign Ministry, Defense Ministry, and Taoyuan International Airport websites suffered DDoS attacks. Various Taiwanese organizations and citizens experienced data breaches where their data was leaked online, allegedly by the Chinese. Taiwanese officials have attributed these attacks to the Chinese government.
While DDoS attacks and data leaks did not lead to much destruction, China mounted a significant cyber-enabled disinformation campaign. According to Taiwanese military officials, Chinese disinformation campaigns are “cognitive operations” aimed to harm the government’s reputation, undermine military and civilian morale, and instil fear that China would invade Taiwan. There were several instances of said disinformation campaign on Taiwanese social media platforms following Pelosi’s announcement that she was coming to Taiwan.
According to researchers, there was a lot of fake information on China’s Weibo, some of which made its way onto Taiwanese social media platforms like Line and Facebook and spread rapidly on English language Twitter. All of these incidents indicate the existence of elaborate Chinese cyber espionage campaigns because hacking websites and disinformation operations need considerable intelligence input that are most likely possible through these cyber espionage campaigns.
Based on data relating to state-sponsored cyber activity research,7 there were 13 cyber operations between China and Taiwan, of which 12 originated from China. Interestingly, eight of these operations (or 79 per cent of the total) were cyber espionage operations while the remaining four were disruptive in nature which did not cause much physical damage.
The flurry of cyber activities in Taiwanese cyberspace and Taiwan’s successful cyber defense methods have gained considerable attention from security researchers. Taiwan’s cyber defense has mainly aimed at countering Chinese cyber-enabled disinformation campaigns and defending its networks and systems infrastructure. In addition, successful cyberattack on Taiwanese semiconductor manufacturers would represent an attack on the tech industry and might disrupt the supply chain around the globe because Taiwan controls more than 60 per cent of the world’s semiconductor manufacturing.
Taiwan’s semiconductor manufacturers have been targeted by China’s state-sponsored hackers for years. In 2020, a series of deep intrusions known as Operation Skeleton Key was discovered with the goal of stealing as much intellectual property as possible, including source code, software development kits, and chip designs from Taiwanese semiconductor companies.
In February 2022, Fujimi Inc., a Japanese manufacturer of semiconductor-related products, and its Taiwan subsidiary, experienced unauthorized server access, which was later confirmed to be a malicious attack.
Since Taiwan Semiconductor Manufacturing Corporation (TSMC) supplies more than 90 per cent of the global supply of the most advanced category of mass-produced semiconductors, cyberattacks on TSMC could be detrimental to the electronic needs of the entire world and is one of the reasons why Taiwan has an aggressive cyber defensive strategy, made up of countering disinformation and protecting critical infrastructure.
Taiwan’s model of countering disinformation is based on protection of freedom of expression while still protecting its citizens from disinformation in the time of crisis, as witnessed in the recent events. Taiwan has been consistently ranked as the world’s biggest target for foreign disinformation campaigns for nine years in a row. According to Taiwanese military officials, following Pelosi’s visit, 270 instances of fake or misleading information were identified by them.
However, Taiwan has a very robust defense mechanism against disinformation campaigns which includes a community of non-profit fact-checking groups that act as the first line of defense that utilize artificial intelligence (AI) enabled fact-checking bots to crack down on fake news.
Taiwan’s Mainland Affairs Office, a government body that deals with China, also puts out urgent statements to curb the spread of disinformation that has the potential to induce panic. Taiwan’s efforts to curtail cyber-enabled disinformation campaigns are taken very seriously by government officials. According to Taiwan’s Investigative Bureau, government investigators have proved around 900 cases of disinformation since 2019 and have filed prosecutions in 200 of these incidents. However, the Investigative Bureau has also stated that since the past two years, Chinese information operations have gotten increasingly sophisticated as most operations are hidden under many layers of “posting and reposting on social media that are difficult to peel back or counter”.
Chinese cyber threat actors have a long history of attacking government organizations, critical infrastructure, private sector, and human rights activists in India. Since 2008, China has been accused of attempting to hack government organizations like the Ministry of External Affairs and National Information Centre (2008), Prime Minister’s Office (2010), Defense Research and Development Organization (2013), and Air India (2021, before privatization).
China has also been blamed for cyberattacks on multiple Indian critical infrastructure like the 2021 attack on India’s power and telecommunication infrastructure, hacking attempt on India’s vaccine makers, Bharat Biotech and Serum Institute of India, and the 2022 power grid incident in Ladakh. Furthermore, cyberattacks from China in the private sector include the 2018 compromise of Managed Service Providers and technology companies and targeting of Indian media houses in 2021.
India has also been a victim of four major Chinese espionage operations along with other countries where their civil society, government, and private organizations have been compromised. These include targeting of NGOs, political and law enforcement agencies in East and South Asia in 2019; 2020 hacking of 75 organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine; SlothfulMedia malware attack on India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine for espionage purposes; and RedFoxtrot linked cyber espionage in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan and Uzbekistan in 2021.
While Chinese cyber operations in Taiwan did not lead to an escalation, it is useful to juxtapose the key takeaways from this event as against the cyber conflict between Ukraine and Russia. China has used cyberspace to gain classified information through cyber espionage and to construct false narratives through information warfare. In the Russia–Ukraine War, both Russia and Ukraine employed disruptive cyber offensive operations to target critical infrastructure along with cyber espionage and information operations.
China was therefore cautious of not launching more sophisticated cyberattacks that would damage critical access points hampering future cyber operations or existing cyber espionage efforts. This is a crucial distinction indicating their hesitation for an on-ground escalation. Even before Russia’s announcements of “military operations” in Ukraine, Russia had undertaken disruptive wiper cyberattacks on 14 January on Ukrainian critical infrastructure networks which then led to an escalation. While offensive cyber operations by themselves aren’t indicative of a possible military conflict, coercive cyber operations coupled with threats and warnings from officials, military exercises, and suspension of talks suggest possible escalation.
China might have learnt from the Russian example that offensive cyber operations like deployment of wipers blew Russia’s access to Ukrainian networks even before the war started. Offensive cyber operations are extremely difficult to execute successfully and premature execution may result in loss of capability.
China could in foreseeable future launch more disruptive cyberattacks against Taiwan that could include targeting critical infrastructure and military assets and can be seen as a sign for a possible invasion of Taiwan. This is due to China’s military strategy that states that cyber operations play a crucial role early on in a conventional conflict.
In the Indian context, there are some takeaways given the nature of Chinese cyber operations in Taiwan. Chinese mis-information operations in Taiwan were of an advanced nature. China might face difficulties to employ similar disinformation campaigns due to the complexities in language and social norms in India. Apart from the numerous cyberattacks launched against physical infrastructure and assets in India—some of which have been mentioned in previous sections—China–Pak collusion in the information warfare domain is well-documented and a cause for concern. China can further up the ante with its ‘all-weather friend’ to undertake disinformation campaigns. China is also allegedly collecting voice samples using artificial intelligence from ‘military sensitive regions of India’, including Jammu and Kashmir and Punjab that can be later used for information and cyber espionage operations.
India needs to have a robust strategy to detect and expose China’s cyber espionage campaigns. Cyberattacks are enabled with critical intelligence gathered by Chinese government agencies. China has a long history of launching cyberattacks against Indian government organizations, critical infrastructure, private sector, and human rights activists. These attacks are indicative of an elaborate and existing cyber espionage campaign against India. The key to addressing such challenges is to reinforce intelligence gathering and enhance collaboration with private sector tech companies that have the technical expertise to help fight such operations. Finally, there is immense scope for cooperation on cybersecurity between India and Taiwan, especially on information sharing on cyberattacks and technical assistance from Taiwan to set up semiconductor plants in India.
Krutika Patil is Research Assistant for the Project on Cyber Security at the Manohar Parrikar Institute for Defense Studies and Analyses, New Delhi.
Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.
This is the abridged version of the Introduction of the book which appeared first in the Comment section of the website (www.idsa.in) of Manohar Parrikar Institute for Defense Studies and Analyses, New Delhi on September 28, 2022
