Chinese Cyber Warfare in the Indo-Pacific

Chinese Cyber Warfare in the Indo-Pacific: An analysis of means, targets, and solutions


21 | 11 | 2023


Vietnam is the most targeted country to cyber-attacks in the region, followed by Indonesia; Taiwan remains a privileged focus for the Chinese hacktivists

In the image

Chinese People Liberation Army cyber troops [PLA]

The internet can be considered as one of the most drastic developments in our recent history. It has led us to do what was unimaginable before its invention and, what is most important, has transformed our world into a connected world. Since its arrival, every aspect of reality has been affected by this invention, including how countries maintain their relations among them. Equally, it has completely altered the nature of warfare.

In order to be able to face this drastic transition, all the states have been forced to develop their cyber capabilities to keep up with their neighbours. However, whereas some of the big countries have made enormous investments in this type of technological system, others, which lack the necessary money or expertise, have not been able to do so. China is a unique case, which entered the game a bit later than Russia or the United States but has managed to catch up with them.

Although it has been able to obtain information and influence in many countries in the world, such as the United States, Australia, and Canada…, the ones that have been the most damaged have been its closest neighbours, the small Southeast Asian nations that surround the PRC. The reason can be found in the strategic importance they have for Chinese goals, such as The Belt and Road Initiative or the projects in the South China Sea. As a result, several countries and organisations have been deploying different initiatives, as well as plans, to take countermeasures to these actions.

Chinese cyber capabilities

The National Institute of Standards and Technology of the United States understands cyber-attack as “any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.” Since this is a relatively new topic, there are plenty of different definitions and thoughts. However, the following ones can be the most visible examples of this type of warfare: i) data theft, which consists of hackers stealing important information from sites that can after be sold, used for intelligence, etc.; ii) destabilisation, when the hackers attack directly to governments and its infrastructure; iii) economic disruption, attacking banks or other entities to steal money and funds; iv) propaganda attack, attacking the thoughts and opinions of people in another state, and v) sabotage, which is contained also in conventional warfare, as consists of attacking government computer systems or military devices in the interest of supporting the non-cyber warfare.

This new type of warfare is not alien to the PLA, which has been improving its capabilities of information and technological weaponry for several years. In the chapter III: Revolution in Military Affairs with Chinese characteristics, from the “white papers of 2004”, the Chinese authorities already stated their desire to develop their high-tech weaponry and even announced the creation of plans to include the most talented people from the country in this development.

In these years, these advancements have led them to interfere opinions and events all over the world by different means. According to the article ‘’Same Cloak, More Dagger: Decoding the People’s Republic of China Uses Cyberattacks’, which focused on case studies to standardise Chinese movements in this field, the tactics that are most used by China are i) DDoS (Distributed Denial of Service attacks), in which the hacker aims to make unusable a specific service or network temporarily; ii) Defacement of websites and digital signage, which leads to loss of communication, public unrest and exposure of confidential data; iii) ICS (Industrial Control Systems) attacks, which target energy and power sectors; and iv) ransomware attacks, which harm the data and availability of systems and disrupt business operations.

Moreover, China has developed several ways to avoid being targeted by cyber-attacks. Apart from the technical and technological capabilities it can gather, Chinese leaders have been also concerned about the legal disputes and affairs they can bring so as to weaken the possibility of being hacked or spied on. One of these initiatives is the Chinese Cybersecurity Law which, enacted in 2017, provides a regulatory framework and certain obligations for the use of data, which is also applied strictly to foreign enterprises working in China. Moreover, in March 2023 it published a white paper, ‘China’s Law-Based Cyberspace Governance in the New Era’, in which China proposes an international regulatory framework on the topic of cybersecurity.

It is worth adding that China is also promoting several talent search programs, together with the Ministry of Education, which is trying to recruit the best-talented people from China—and even from the rest of the world—to create the best-prepared team capable of understanding and developing better cyber capabilities

Asian countries subject to Chinese cyber-threats

Having said this, it is now time to analyse some real problems which different Asian countries have faced throughout the last years due to Chinese cyber warfare.

The first country which is worth mentioning is Vietnam. It is the most targeted country to cyber-attacks in the region. It has suffered two attacks from the same entity, 1937CN, a group of Chinese hackers who, in 2015, hacked 1000 Vietnamese websites. A year later, the same group hacked the website of Vietnam Airlines and several others and used this to send offensive messages which tried to enhance Chinese values, as well as messages about the attitudes of China in the South China Sea, and criticising and offending both Vietnam and the Philippines. 

The 1937CN group is the most important one in the Chinese hacking underground community and belongs to what is called Chinese international cyber warriors and patriotic hackers. These are groups which are not necessarily controlled directly by Beijing nor follow its concrete orders, but in one way or another serve government’s purposes and try to enhance Chinese ideals through hacking. The question that needs to be further examined is whether this group could be connected more directly to Beijing.

The second most targeted country of the region is Indonesia. In 2021 this country was subject to the hacking of ten official government ministries, military agencies, and even its intelligence service, by the Chinese cyber-espionage group Mustang Panda. The ultimate reason why Indonesia is of the utmost importance to China, and why it is constantly trying to obtain official data of the country, is because Indonesia is the most powerful country within the area, and it is also very well located.

When talking about countries that are crucial for Chinese geopolitical aims, it is necessary to talk about Taiwan. Taiwan has always suffered from Beijing’s pressure, and after the improvement of the electronic capabilities in China, the pressure it exerts has also improved. According to the Digital Society Project, a Swedish project to control and inform the relations between politics and the internet, Taiwan is the biggest target for foreign disinformation, due to its vulnerable position with China and its links to the US.

It Is Important to highlight the several attacks that Taiwan suffered in 2022 after the visit of Nancy Pelosi, former speaker of the US House of Representatives, to the island. It is well known that after this institutional act of the government of the US to Taiwan, the tensions, especially in the military sphere, between China and Taiwan, increased. Furthermore, along with this physical threat, a huge attack took place in the cyber world: a multitude of messages against Nancy Pelosi and its figure, even with fake news, on Facebook, YouTube, and other social media platforms, to manipulate people’s minds and make them think what China wants. The perpetrator of this attack was the hacking group APT27, which is said to have shut down 60,000 internet-connected devices. 

Nonetheless, one of the biggest cyberattacks suffered not only in the region but in the whole planet was the one called GhostNet. In this attack, the country which was the most affected was one of the great powers in the region: India. In 2008, 1295 computers in 103 countries were affected by malware. This included several Tibetan-exiled centres, whose computers, stored data of several exiled people, were hacked and all this information was stolen by the perpetrators. Moreover, concerning the Indian facilities, this attack targeted a lot of Indian entities, and the hackers were able to infiltrate and collect all the data they wanted. The list includes the National Security Council Secretariat, diplomatic missions, military engineer services, and several government-related entities all over the world, thus all of these places were chosen because of the privileged information they could store. The researchers of the University of Toronto, the ones to study this case, said that they were not sure about the direct intrusion of the Beijing government in the massive attack, whereas other researchers from Cambridge rapidly pointed out the Chinese mandatories as actual gliders of the sabotage. 

Two years later, in 2010, the same researchers managed to deliver ‘Shadows in the Cloud: Investigating Cyber Espionage 2.0,’ a report in which they developed another research about an operation named Shadows in the Cloud, where the main targets were Indian entities and the Dalai Lama offices throughout the world. In these attacks, the hackers managed again to recover official files of the Indian government and embassies. Moreover, the researchers alerted that the pirates, whose origin was in the Sichuan province in China, had also been capable of trespassing on the cyber defences of the UN facilities.

Taking into account all of these examples, it is possible to say that Chinese advances in technology have led to a huge capacity to enter not only governmental computers but also private ones. China’s attack on ASEANand Indo-Pacific countries must be seen in the content of the Indo-Pacific strategy these territories have against China and the great power rivalry in the organisation.

Global regulation of cyberspace

Having analysed recent cases in which Chinese cyber-attacks have targeted South Asian nations, it is now the moment to know how these states have developed ways in order to weaken Chinese technological influence in their territories. This has two different spheres: the technological one, in which countries use the same tools used to attack them to build a shield capable of resisting those aggressions. The most typical ones are identity and access management, network security controls, intrusion detection and prevention systems, and data loss prevention and recovery. The second, in which, instead of implementing cyber measures to protect themselves, they develop legal regimes and plans to lessen the possibility of being a target to any of the priorly described attacks. This is going to be described in three different stages, each one broader than the other: what the states can do by themselves, what regional or supranational organisations can do, and finally what the international society as a whole can contribute to the fight against cyber warfare.

Firstly, referring to the individual steps each country has made and could make, the most advanced one has been Singapore. It was designed in 2020 with a rank of four, along with South Korea and Spain, related to the global cybersecurity index. The reason for this can be found in the fact that it started soon with the task of developing a cybersecurity plan of action, due to its dependence on interconnectedness and a series of continuous cyber-attacks it suffered in 2016. According to the renewal of its capacities and situation it published under ‘“Singapore Cyber Landscape 2022”’, its main focuses on this topic are categorised are pillars, which are building resilient infrastructure, enabling a safer cyberspace, and enhancing international cyber cooperation, which explains the efforts of this country to help with the development of UN and ASEAN plans in cyber security.

The most targeted country, Vietnam, has also put an effort to enact several laws and plans to develop its abilities to countermeasure cyber-attacks. Vietnam passed its Law on Cyber-Information Security in 2015, and since then it has also been actualising its way of acting to advance as fast as cyber reality does. That is why in 2022 it published its last national cybersecurity strategy, in which it stated its aims to strengthen the management of the State over cybersecurity, to complete legal frameworks, and to protect national sovereignty in cyberspace, as well as to protect digital infrastructure, platforms, data and cyberinfrastructure.

Nonetheless, as it is usually said, “unity is strength”, and even more in topics like this in which the enemy is sometimes invisible and unpredictable. That is why it is necessary the intervene in these plans of action of supranational entities capable of coordinating a common conjunction of norms to act for the whole territory. In this supranational category, we can find one main organisation in the area: ASEAN.

ASEAN has been for many years trying to create a general group of norms and plans to act within its territory and outwards related to cyberspace. Firstly, it was done by its ASEAN Cybersecurity Cooperation Strategy, which covered the years from 2017 to 2020 and signified the creation of several meetings, organisations inside the entity, and several other actions to provide a common set of norms among the Southeast Asian nations. Moreover, ASEAN expressed in 2017 support for the UN to create international voluntary cyber norms. In 2021, ASEAN released the second Cybersecurity Cooperation Strategy, which covers from 2021 until 2025, and establishes a list of ambitions ASEAN wants to reach for that year: i) advancing cyber readiness cooperation, ii) strengthening regional cyber policy coordination, iii) enhancing trust in cyberspace, iv) regional capacity building, and v) international cooperation. This strategy supports the creation of a multilateral order based on non-binding and voluntary norms.

Lastly, the international community as a whole is trying to develop a common framework of regulations in this category. Although this is such a hard issue, as it can put into conflict the aims of many different countries with many different interests, some countries and organisations have tried to reach some spots. We can talk about the main program of the UN in this area, the UNCCT Counter-Terrorism Programme on Cybersecurity and New Technologies, which aims to develop states’ and organisations’ capacities to prevent cyber-attacks directed at its infrastructure and mitigate their impact. In 2022, together with INTERPOL, it launched the CT TECH initiative, to strengthen the capacities of law enforcement and judicial control in the developing sector of technology with terrorist uses.

The most successful success in this matter has been the Budapest Convention, conducted by the Council of Europe which came into force in 2004. It provides for the criminalisation of the conduct of illegal access, data and systems interference, computer-related fraud, and child pornography; procedural powers for the investigation of such activities; and efficient international cooperation. Although there are 68 parties to the treaty—China was one of the observers during the convention but refused to enter—there are not a lot of binding statements, thus again it is difficult to establish the desired set of norms to regulate cyberspace.


China is seen as an actual threat by the surrounding nations, who have been attacked in several ways and moments, even by the Chinese government itself or by its ‘hacktivists’ trying to spread Chinese messages in a very malicious way. Although it has been stated that regulations and ways to protect from these attacks are being developed by virtually the whole planet, there is a long path to go if the International Society wants to reach an ideal framework able to take the necessary actions to prevent or avoid these kinds of operations. Moreover, the field of cyberspace is a constantly evolving field, so there is necessary action to be taken by almost all countries to evolve at the same time, or, otherwise, more and more states will suffer the consequences of this terrible weapon.