China Policy Monitor No. 1606

PRC HACKERS INFECT RUSSIAN GOVERNMENT AGENCIES
Since late July, two PRC hacking groups, APT27 and APT31, have infected dozens of computers at Russian government agencies. After using phishing emails to gain access to the devices, the attackers downloaded remote-control malware and trojans from various cloud services. Information on the victim's computer is accessed and the computer is then used to spread the malware on to others. (The Register, August 15, 2024)

CHINA ADMITS ITS SHIP DESTROYED KEY BALTIC GAS PIPELINE
Beijing has admitted that on October 7 a Chinese ship, the NewNew Polar Bear, damaged the 77km Balticconnector gas pipeline and two telecommunications cables between Estonia and Finland. The two European countries are conducting a joint criminal inquiry into the container ship, which is owned by China's NewNew Shipping Line. At the time, Finnish border guards captured images of the ship, which after severing the pipeline sailed to St. Petersburg and on to Russia's Arkhangelsk region before returning to Tianjin. Investigators discovered a "1.5 to 4m-wide dragging trail" and have urged Beijing to provide information on the ship. China has blamed the incident on a storm, but Estonia's state prosecutor, Triinu Olev, said: "We need to collect additional evidence to determine whether the damage was caused intentionally." (South China Morning Post, August 12, 2024)

CHINA'S AI-DRIVEN BOT NETWORK AIMS TO "DEEPENS POLARIZATION"
Generative AI is now at the core of China's information warfare activities. The Green Cicada Network, as it is known, includes up to 8000 fake AI-run accounts that spread divisive political content on X. The network, which is run by an AI Large Language Model (LLM)-based system, engages mostly with contentious U.S. political and cultural issues, but also stirs controversy in Australia, the UK, Europe, India, and Japan. Green Cicada may be "staged to interfere in the upcoming presidential election. We assess that if the full scale of available accounts were engaged, they could successfully amplify polarizing content to sow division and undermine trust in civil institutions," said a report from CyberCX. "A fake network is infiltrating our democratic discourse and trying to deepen division and deepen polarization," said CyberCX spokesperson Katherine Mansted. (Australian Broadcasting Corp., August 13, 2024)

U.S. ADDS 42 PRC FIRMS TO ITS TRADE RESTRICTION LIST
The U.S. has added 42 Chinese firms to a trade restriction list amid reports that restricted U.S. technology continues to reach Russia's defense industry. Firms were targeted for their support for the Russian military, including shipping U.S. electronics to the Russian military and supplying Iranian Shahed-136 drones for use against Ukraine. Before shipping to firms on the entity list, U.S. suppliers must get a difficult-to-obtain license. The Biden administration is pressuring companies that evade Western sanctions and support Moscow. (Reuters, August 24, 2024)

MAN PUNISHED FOR BROWSING OVERSEAS WEBSITES FOUR YEARS AGO
On August 7, authorities in Ningde, Fujian arrested a man for "unauthorized access to illegal channels for international networking, browsing foreign media information, and being detrimental to national security." He received an "administrative penalty" after police discovered that in 2020 he had "climbed the wall" and browsed overseas websites. The Ningde Internet Police said: "If someone accesses foreign websites, no matter what the purpose is, whether it is to learn knowledge, to check information, or even to browse nothing, as long as one has ‘climbed over the wall,’ it is illegal." (Zaobao, August 16, 2024)