Skip to Content

China Hit by Rise of Attacks

China sees a major increase in infections on file-sharing sites and more targeted, localized malware threats.

China-based hackers are sometimes accused of being behind major external attacks like the one on the U.S. Office of Personnel Management, as well as acts of corporate espionage. But China has worsening internal problems, too.

In September, a counterfeit copy of Apple’s Xcode software development tool was offered on a local file-sharing site, leading to infections on iPhone apps created with the fake tool. The hack, which ended up affecting more than 100 million mostly China-based iPhone users, was Apple’s biggest security breach to date.

A possibly even larger hack was an October attack on NetEase, one of the top social-media and news platforms in China. A hack of its e-mail system, which is still under investigation, potentially exposed the aliases, security questions and answers, passwords, and other data of hundreds of millions of primarily Chinese users.

Hong Jia, a cofounder of the China-based threat intelligence firm ­ThreatBook and former cybersecurity expert at Microsoft, says companies and individuals in China are beginning to wake up to the threat. “Enterprises [in China] know that someday they will get targeted and a whole company can be exposed by an attack,” Hong said in an interview at the Association of Anti-Virus Asia Researchers International Conference, held in December in Danang, Vietnam.

According to a survey by auditing firm PricewaterhouseCoopers, over the past year companies in China and Hong Kong saw around 1,245 attacks each on average, compared with 241 the year before. In addition to big hacks like the iPhone incident, Chinese companies have experienced a rapidly rising number of attacks that use so-called social engineering to trick individuals into clicking links that download malware onto the user’s computer. “The threats you see in China are really, really targeted,” Ingvar Froiland, director and general manager for the security company F-Secure, said in an interview at the Da­nang conference. Froiland said the threats are often language-­specific or event-specific—such as targeted attacks during Chinese New Year and other holidays. He added that they also may be system- and application-­specific: for example, they are sometimes launched through games that may not be used widely outside China, or through file-­sharing sites accessed mainly by Chinese users.

At Chinese companies, attacks are rising sharply. And Chinese hackers are launching more internal attacks through local file-sharing sites and games used mainly within the country.

Chinese authorities even discovered a “hacking village” last year. In a mostly rural area bordering Vietnam, large numbers of people were involved in cybercrime, cyberfraud, and hacking, often using the popular QQ instant messaging software run by Tencent, one of the world’s biggest Internet companies.

At the Danang conference, Liu Zhao, an antimalware analyst at Tencent, said he has been finding increasing numbers of new tricks deployed by hackers in China, including malicious files masquerading as harmless icons attached to documents sent to specific victims. Real-world parent-­teacher, school-student, or business-­consumer relationships—often discovered from stolen e-mails—are sometimes used for extortion, he added.

To fight targeted attacks, Hong said, analysts are working on analyzing traffic flowing from computer addresses and domain names to find the source, such as the hacking village. “We can see … what person might be behind it,” Hong said. Adding to China’s woes is that citizens often do not add protections to their mobile devices. Worldwide, “awareness of threats to mobile devices is not there yet,” Froiland said.

Keep Reading

Most Popular

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

crypto winter concept
crypto winter concept

Crypto is weathering a bitter storm. Some still hold on for dear life.

When a cryptocurrency’s value is theoretical, what happens if people quit believing?

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.