Page:ISC-China.pdf/45

Espionage actors, including so-called 'patriotic hackers' (to whom the state turns a blind eye) and cyber criminals. GCHQ assesses that China focuses its UK cyber activity on *** rather than ***.

Chinese cyber operations have achieved considerable success in penetrating foreign government and private sector IT systems. They also support HUMINT targeting efforts, providing useful insights into vulnerabilities or potential motivations. Defending against them requires ***: GCHQ told us that it assesses that there are between *** and *** active Chinese cyber groups ***. Its effort is focused ***. GCHQ told the Committee that: ***

Increasingly, sophisticated cyber operations have become a prominent feature of China's approach, and the UK Government assesses that ChIS cyber and signals intelligence (SIGINT) actors ***. GCHQ judges that, while campaigns around cyber security (for instance, not clicking links or downloading attachments) have been successful in increasing user awareness, the substantial rise in home working means that there are now more opportunities to get into an organisation as people use different technologies to connect remotely to a network.

China's cyber expertise allows it to target a diverse range of organisations and datasets—and increasingly unusual ones. In 2015, the hacking of the US Federal Government's Office of Personnel Management (OPM) was attributed to a Chinese state-sponsored hacker group. The OPM held the data on background checks run by the US government on their employees, and the hackers obtained the personal details of around four million current and former federal employees. Such a dataset could be used to help the ChIS identify potential HUMINT targets within the US Federal Government. China's acquisition of large amounts of data to enable it to identify, and track, targets is covered in more detail in the Case Study on Industry and Technology.

A more recent example of this expertise is the hacking of Equifax, an international credit reference agency, which took place in 2017. In February 2020, the FBI filed an indictment alleging that a branch of the PLA was responsible for the theft of a huge quantity of data, including the names and dates of birth of 145 million Americans and at least 13 million UK citizens (amongst other nationalities). Of those UK citizens, 841,000 had additional information, such as driving licence details and phone numbers, stolen, and 14,961 UK citizens also had passwords, usernames or partial credit card records stolen. There has been no evidence of criminal use of the data—instead, the information could be used to identify people working in sensitive research fields, politics or intelligence. There are also concerns that, depending on the level of information stolen, it could be used as a basis for blackmail.