The most famous Chinese cyberattacks

How hackers made China one of ‘the world’s pre-eminent cyber players’

A member of a hacking group monitors global cyberattacks on his computer
(Image credit: Nicolas Asfour/AFP/Getty Images)

Cyberattacks have become a well-polished weapon in China’s armoury over the past decade.

Used as methods of espionage, state-sponsored data breaches and server hacks pose a significant threat to global security and public safety. And far-reaching attacks have established China as “one of the world’s pre-eminent cyber players”, says cybersecurity firm IronNet.

Cybercrime worldwide has risen by 600% during the Covid-19 pandemic, according to research published by business insurance company Embroker.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Analysts point to China as one of the main culprits. Even before the virus hit, China had overtaken Russia as the biggest state sponsor of cyberattacks against the West, research has found - although Beijing tells a very different story.

“China is a staunch guardian of cybersecurity and also one of the biggest victims of hacking,” a spokesperson for the UK’s Chinese Embassy said in July 2020. “We oppose and crack down, in accordance with law, all forms of cyber espionage and attacks.”

Lack of physical evidence and self-erasing digital footprints can make identifying who is responsible for an attack challenging. However, patterns of behaviour and methods are used to help to identify hackers, with global networks of so-called ‘ethical hackers’ aiding the process.

These cyberattacks that have made digital history in the past decade are widely believed to have been orchestrated by China:

January 2010: Operation Aurora

Hackers exploited a flaw affecting some versions of Internet Explorer to attack companies including Google and Adobe. A “zero-day vulnerability” was exploited, the term given to a newly discovered vulnerability within software which hasn’t yet been fixed by the owner. Until it is, the software is vulnerable to cybersecurity risks.

Speaking to Wired after the incident, McAfee’s vice president of threat research Dmitri Alperovitch said: “We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack… It’s totally changing the threat model.”

January 2013: The New York Times

The New York Times’s reporters and employees were victims of a sustained four-month cyberattack. The hack was instigated after the paper’s Shanghai bureau chief David Barboza published an investigation into how relatives of the then Chinese prime minister, Wen Jiabao, accrued a fortune “worth several billion dollars through business dealings”, the paper reported.

The hack was conducted “using methods” consistent with those “associated with the Chinese military in the past”, the paper continued. “The attacks started from the same university computers used by the Chinese military to attack United States military contractors in the past.”

After The New York Times released the news, The Wall Street Journal followed suit, reporting the next day that its computers had also been infiltrated by Chinese hackers.

April 2015: US Office of Personnel Management

A cyberattack on America’s Office of Personnel Management (OPM), the agency that manages the government's civilian staff, began in November 2013 and continued until April 2015. The personnel files of more than 20 million people were stolen during the hack, including fingerprint records and social security numbers.

Officials were aware hackers were accessing the OPM servers from March 2014, but believed a system reset in May 2014 would “purge the attackers”, reports CSO Online. “Unusual activity” wasn’t again detected by OPM until almost a year later.

July 2017: Equifax

The personal data of more than 147 million Americans was at risk in 2017 when hackers accessed the systems of credit-reporting agency Equifax. One of the most severe attacks to have taken place, credit card numbers and home addresses were among the stolen data. “On a scale of one to ten, this is a ten,” fraud analyst Avivah Litan said at the time, the BBC reported.

In 2020, four Chinese military hackers were indicted for the 2017 infiltration of Equifax systems. Speaking of this attack and others, including the OPM data breach, US Attorney General William Barr said: “This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence targeting packages.”

May 2020: easyJet

The data of nine million easyJet customers was compromised in what the airline described as a “highly sophisticated cyberattack”. As is often the case, “it took time to understand the scope of the attack and to identify who had been impacted”, easyJet told the BBC at the time.

“The tools and techniques used” identified a group of Chinese hackers as suspects “thought to [be] behind multiple attacks on airlines in recent months”, The Telegraph reported.

July 2020: the Vatican

The Vatican’s computer systems were attacked by suspected state-sponsored Chinese hackers. The hack took place ahead of talks between Beijing and the Vatican about the renewal of a “provisional two-year deal on the operation of the Catholic Church in China”, Reuters reports.

The attack targeted communications between the Vatican and Hong Kong diocese using methods “previously identified with state-backed hacking groups”. In November 2020, The Guardian reported that the Vatican’s Apostolic Library was battling 100 cyber threats a month, attacks which could “impact the Vatican library’s reputation” and “have significant financial ramifications”. However, direct links between China and these attacks have not been reported.

2020: coronavirus

Since March 2020, Chinese and Russian hackers have “become focused on one topic”, senior vice-president of IT security specialists Crowdstrike, Adam Meyers, told The Guardian, “referring to Covid-19”.

On 7 July 2020, two Chinese hackers were indicted for a sustained series of cyberattacks over a decade. The most recent was claimed to be targeted at Moderna Inc, and US officials said the attack had been conducted “in a bid to steal data”, Reuters reported.

Although China claimed its own vaccine research “is so far ahead it has ‘no need to steal what others are doing’”, The Guardian continued that, in September last year, “Chinese hackers were accused by Spain of stealing Covid research secrets from labs in a ‘particularly virulent’ campaign”.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.