Allegations of Chinese cyber activity as the recent conflict broke out in Ukraine have been emerging.
The details appear unusually murky but one Western intelligence official believes the aim was espionage – and the cyber-attack may have been broader than previously reported.
The Times first reported that hackers, alleged to be based in China, began targeting Ukrainian websites on 23 February, the day before the invasion.
That led to questions as to whether they had advance notice of Moscow’s plans and if their intention was somehow to support Russia.
A broad set of Ukrainian government and commercial organisations were said to have been targeted by hackers, including organisations linked to nuclear power.
It is unclear how far this activity was scanning for vulnerabilities online and how many websites were actually compromised.
But the aim looks to have been espionage – stealing secrets – rather than the kind of sabotage operations which Russia was accused of carrying out just before the invasion, and when it started.
The Times cited intelligence documents – but the Ukrainian security service denied they had handed anything over and seemed to downplay the revelations, adding to confusion.
Some analysts wondered if they were worried about antagonising Beijing.
On Monday, the Chinese embassy in the UK rejected the claim and described the Times report as “sheer irresponsible talk and not credible at all”.
But some Western officials believe the story is even more complex. They claim the Chinese actors went on to target systems in Russia and Belarus, as well as Poland:
“Since late February, Chinese cyber-actors have been launching cyber-attacks against government and military networks in Ukraine, Russia and Belarus,” claims one western intelligence official.
“Russia was observed to be a significant target of the recent Chinese cyber activity,” they added.
The claim cannot be independently verified, although a number of researchers and cyber-security companies say they have seen some Chinese activity and are investigating.
There are other bizarre aspects: the attacks were more amateurish and ‘noisy’ than normal, it is claimed, almost as if the hackers were less concerned about being discovered.
And the alleged Chinese hackers, in a shift from normal behaviour, are said to have launched their campaign from Western infrastructure.
Normally, they would approach their target using servers and systems around the world. but in this case it was only from Western systems.
“The scale, timing and targets of the operation indicate a significant departure,” the Western intelligence official said.
China has always dismissed accusations that it is involved in cyber-espionage and has recently been pointing the finger at Western governments, and particularly the US, over hacking into its networks.
“The targeting of both the Ukrainian and Russian targets was conducted in a non-covert way. One possible reason for this would be to try and ‘false flag’ the activity,” the intelligence official explained.
So it is possible China was taking advantage of the conflict in order to spy, not just on Ukraine but also Russia, Belarus and other countries – but perhaps trying to do so using a ‘false flag’ – so that it could try to pin any blame on Western governments.
That is one possibility, but one which Beijing is likely to deny. Trying to understand what was really happening in this case may not be easy.