
Cyber security Photo: IC

The Guangzhou Municipal Public Security Bureau’s Tianhe District Branch on Tuesday released a police report stating that a tech company in Guangzhou, South China’s Guangdong Province, was targeted by overseas hackers in a cyberattack, prompting the police to initiate an investigation. The police revealed that the attack has a clear political background and shows distinct signs of cyber warfare. The Global Times will continue to follow the progress of the investigation on the case.

According to the police report, the backend system of the self-service devices of the tech company was subjected to a cyberattack, resulting in the illegal upload of multiple attack programs that maliciously disrupted the normal operation of the system. Upon receiving the report, the public security authorities promptly launched an investigation, extracting relevant samples and legally securing electronic evidence. Through technical analysis of the attack methods and related malicious code samples, it has been preliminarily determined that the incident was a cyberattack initiated by an overseas hacker organization.

According to a relevant person in charge from the Guangzhou Municipal Public Security Bureau’s Tianhe District Branch, the attackers used technical means to bypass the company’s network protection devices, illegally accessing the backend system of the self-service devices. They conducted lateral movement to infiltrate and control multiple network devices, illegally uploading several attack programs, which affected the company’s official website and some business systems, leading to several hours of network service interruption and causing significant losses, with some user privacy information potentially leaked.

Following the incident, the company immediately activated its emergency response plan, attempting to restore the system at the earliest opportunity and reporting the case to the local public security authorities. The authorities took the matter seriously, extracting relevant attack program samples, comprehensively securing related evidence, and organizing a professional technical team to conduct technical tracing.

The relevant person in charge disclosed that this cyberattack represents a large-scale organized and premeditated operation by an overseas hacker organization, exhibiting clear signs of cyber warfare. It is not something that an ordinary individual hacker could accomplish. “Preliminary tracing has revealed that this hacker organization has been using open-source tools to conduct network asset scanning and probing against our important departments, sensitive industries, and tech companies, broadly searching for attack targets. They exploit weak points in the network defenses of targeted units and seek opportunities to invade and control target systems, stealing and damaging important data, and disrupting the normal operations of relevant institutions.”

Additionally, the technical team’s analysis indicates that the attacker’s methods and related technical proficiency were relatively low-level, exposing a significant number of digital traces during the attack. Public security authorities are currently conducting technical analysis and investigative work based on these leads.

The Guangzhou Municipal Public Security Bureau’s Tianhe District Branch stated that this cyberattack not only violated the legitimate rights and interests of the enterprise, but also posed a serious threat to China’s cyberspace order and public interest.

A cybersecurity expert told the Global Times that the attack had a clear political background, was highly targeted, and constituted an Advanced Persistent Threat (APT) operation. He further analyzed that judging from the official announcement, the overall level of the attack was not particularly sophisticated, falling within the second or third tier of APT groups’ capabilities. Currently, when it comes to cyberattacks at this level, China, from regulatory authorities to major cybersecurity firms, has already developed effective response capabilities in threat detection, tracing, and countermeasures. “We can conduct in-depth analysis of the attack process and samples, and in some cases, can pinpoint the source of the threat,” the expert said.
    
The police have reminded the public that any individual or organization encountering activities that endanger cybersecurity has the right to report them to the local cybersecurity department of the public security authorities in accordance with Article 14 of the Cybersecurity Law of the People’s Republic of China. The authorities will resolutely crack down on such illegal activities in accordance with the law.

In recent years, following reports of cyberattacks launched by overseas hacker groups against China, public security authorities have promptly launched investigations and ultimately identified the foreign perpetrators. The most notable cases include the cyberattack against Northwestern Polytechnical University in Northwest China’s Shaanxi Province and the cyberattack on the Wuhan Earthquake Monitoring Center.

In this regard, the expert stated that China’s technical capabilities, industrial strength, and operational mechanisms in building APT attack response capabilities have been continuously evolving. The expert outlined a timeline tracking the progress of domestic cybersecurity firms in analysis and attribution capabilities: from passively responding to attacks like Stuxnet around 2010, to proactively detecting certain attack activities after 2013, and to achieving breakthroughs in tracing attacks back to individual hackers after 2016.