
Beijing, Feb 13 (IANS) China has consistently been accused by Western officials and cybersecurity researchers of conducting extensive offensive cyber campaigns, with those allegations based on intelligence assessments and technical forensics obtained following cyber attacks.
The leaked materials, including source code, training data and software assets, offer rare documentary insight into the groundwork that could enable such attacks before they occur, a report said on Friday.
Citing a cache of leaked technical documents, cybersecurity news publication ‘Recorded Future News’ reported that China appears to be using a covert training platform designed to simulate cyberattacks against the critical infrastructure of its closest neighbours.
The internal files describe the training platform as part of a broader integrated system called “Expedition Cloud”, designed to enable attackers to practice hacking replicas of “the real network environments” of China’s “main operational opponents in the South China Sea and Indochina directions.”
“The cache, which was first reported by specialist blog NetAskari, specifies recreating target computer networks used in the power, energy transmission and transportation sectors as well as in smart home infrastructure. It stresses evaluating the work of ‘reconnaissance groups’ and ‘attack groups’ in operations against these networks, with no specified role for defenders,” the report in ‘Recorded Future News’ detailed.
“Rehearsing attacks on critical infrastructure offers China a potential advantage by allowing cyber operations to be planned and practiced in advance rather than improvised in real time. Experts said the system’s design also points toward greater use of artificial intelligence in cyber operations, a shift that could give China’s already large cyber forces additional advantage,” it added.
According to the report, the existence of such a platform, focused on offensive rather than defensive operations, casts doubt on repeated assertions by Chinese officials that their government is not involved in cyber attacks.
The report stated that a closer examination of how the system divides and analyses cyber operations within the copies of adversary networks is key to understanding the scrutiny surrounding the documents.
“The platform splits the training exercises for cyber attacks between two teams with distinct roles, using templates mimicking target networks so the same scenarios can be recreated and tested repeatedly under controlled conditions,” it stated.
“Initially a reconnaissance group is sent to map the digital environment, like scouts surveying terrain ahead of an advancing force. This team identifies what systems are present on the network, which services or interfaces are exposed, and where potential access paths may exist for the second team,” it further noted.