What is cyber espionage behavior? What should we do if we discover "cyber espionage behavior"? One article understanding
September 11th to 17th this year is the 10th National Cybersecurity Awareness Week. Currently, cyberspace has become an important area for foreign espionage agencies to carry out cyber espionage work against China, and China has become the main victim of high-level sustained threat attacks.
The reporter learned from the Ministry of National Security that in recent years, national security agencies have discovered dozens of spy and intelligence agencies from different countries and regions carrying out cyber attack activities within our territory.
The Anti Spy Law clarifies what constitutes cyber espionage behavior
The Anti Espionage Law of the People's Republic of China, which came into effect on July 1st this year, stipulates that cyber espionage refers to "activities carried out by espionage organizations and their agents, or by directing or funding others to carry out, or by domestic and foreign institutions, organizations, individuals colluding with them to carry out cyber attacks, intrusions, interference, control, destruction, and other activities against state organs, confidential units, or critical information infrastructure.".
Foreign spy intelligence agencies attack China's network in multiple ways
What methods are commonly used by foreign spy intelligence agencies to launch cyber attacks on China?
According to national security agencies, there are various ways in which foreign espionage and intelligence agencies carry out cyber attacks and infiltration operations against China. Or establish specialized agencies, establish "cover companies", and develop professional means to directly implement in China, or instruct professional companies and hacker organizations to implement through "behind the scenes manipulation" and "service outsourcing", or attract domestic institutions and personnel to implement through "purchasing" data, loopholes, tools, and other means. Some countries also use the pretext of "going hunting" to attract other countries to jointly implement.
Unlike regular hackers, cyber espionage attacks are more covert
The national security agencies have also disclosed some foreign espionage intelligence agencies, which use cyber attacks to carry out espionage activities. Let's learn together ↓
Unlike general hackers in society, foreign espionage and intelligence agencies have the ability to mobilize resources, strong technical capabilities, rich experience in network attack activities, and more covert methods.
![What is cyber espionage behavior? What should we do if we discover "cyber espionage behavior"? One article understanding](https://a5qu.com/upload/images/06bbc7a1822b543cb2365ba4c2cdc0fc.jpg)
Some of them collect and steal personal information data, use social engineering to accurately forge phishing emails and websites targeting their target audience for deception attacks; Some directly launch attacks and infiltrates into China by mining and purchasing critical software systems and hardware devices with zero day vulnerabilities; Some first invade and control the network of supply chain enterprises or operation and maintenance service institutions in China, and then use this as a "springboard" to attack downstream user units; Some large-scale infiltration and control of civilian and household network equipment in China, establishing "positions" to carry out cyber attack activities against China and other countries.
The spy's black hand extends to higher education institutions, research institutions, etc
What are the targets of attacks by foreign spy intelligence agencies? From the perspective of being attacked, which systems, computers, and other software and hardware devices have been affected?
From the perspective of attack targets, foreign espionage and intelligence agencies not only continue to carry out cyber attacks on traditional targets such as China's state organs and classified units, but also continuously strengthen their attack penetration into China's key information infrastructure and major infrastructure network systems, and further extend their black hands to institutions such as higher education institutions, scientific research institutions, large enterprises, high-tech companies, as well as corporate executives, experts and scholars. For example, the case of Northwestern Polytechnical University being attacked on the internet in 2022 is a typical cyber espionage operation. Foreign espionage and intelligence agencies have used 41 specialized network attack weapons and equipment to launch thousands of attacks and espionage operations against Northwestern Polytechnical University.
In addition, from the perspective of the attack situation, it can be said that various software systems such as email, office automation, user management, and security protection are involved, as well as various hardware devices such as servers, computers, switches, routers, as well as civilian household devices such as mobile phones, Wi Fi, and cameras, which can be said to be "ubiquitous".
Cyberespionage seriously affects national security
National security agencies have pointed out that overseas espionage and intelligence agencies engage in large-scale, deep level, and sustained cyber attacks. Once the network systems of state organs, confidential units, and other important enterprise institutions in our country are attacked or invaded, the stored and processed state secrets, important data, file materials, etc. may be "wiped out" in one go. Once the key information infrastructure and major infrastructure network systems in our country are invaded and controlled, they will face the risk of being disrupted and destroyed at any time. Foreign espionage and intelligence agencies engage in cyber attacks to steal commercial secrets and intellectual property rights of Chinese enterprises and institutions, and monitor the online communication content of Chinese citizens for a long time, which seriously infringes on the legitimate rights and interests of Chinese citizens and organizations.
Discovering cyber espionage behavior should be reported promptly
Recently, national security agencies have also issued reminders to the public on how to handle and report espionage activities discovered on the internet.
What should we do if we discover "cyber espionage behavior"?
![What is cyber espionage behavior? What should we do if we discover "cyber espionage behavior"? One article understanding](https://a5qu.com/upload/images/c2103f5a679a803a25ee16a875696585.jpg)
The national security organ reminds that citizens and organizations should report online espionage to the national security organ through 12339 reporting telephone, online reporting platform, WeChat official account reporting channel of the Ministry of National Security, etc.
At the same time, in order to better investigate and deal with cyber espionage, the Anti Spy Law also stipulates that logistics operators such as postal services and express services, as well as telecommunications business operators and Internet service providers, should provide necessary support and assistance for national security organs to investigate espionage according to law.
How do national security agencies deal with "cyber espionage"?
According to the Anti Espionage Law, if national security agencies discover risks such as network information content or cyber attacks involving espionage activities, they should handle them according to the following procedures:
In general, according to the division of responsibilities stipulated in the Network Security Law, the relevant departments shall be notified in a timely manner, and the telecommunications business operators and Internet service providers shall be disposed of or ordered to take measures such as repairing loopholes, strengthening network protection, stopping transmission, eliminating procedures and contents, suspending relevant services, removing relevant applications, closing relevant websites, and keeping relevant records.
In case of emergency, if no immediate measures are taken that will cause serious harm to national security, the national security organs shall order relevant units to repair vulnerabilities, stop relevant transmission, suspend relevant services, and notify relevant departments.
After the risk is eliminated, national security organs and relevant departments should make timely decisions to restore relevant transmission and services, and protect the legitimate rights and interests of relevant enterprises and individuals in accordance with the law.
After investigation according to law, if "cyber espionage behavior" constitutes a crime, criminal responsibility shall be pursued in accordance with the law; If it does not yet constitute a crime, the national security organs shall impose administrative penalties such as warning, fine, confiscation, detention, etc. in accordance with the law, and may suggest relevant competent departments to make corresponding administrative sanctions in accordance with the law.