Welcome to Memetic Warfare.

This week we’ll take a look at the DoD’s latest annual report to Congress on China, available here.

We’ll skip right to the cyber and IO side of the house, jumping through the various sections that are relevant to this publication. Firstly, we have a reference to “cyber developments”, specifically the PLA and its new Information Support Force and Cyberspace Force. While not new, I do find it it interesting to see that the PLA Cyberspace Force is resposnible for full spectrum cyber/IO - a force structure that other countries should adopt.

It’s also interesting to see a reference to how China would seek to create “disruptive and destructive effects” in case of war via cyber, such as DDoS attacks includnig against targets with “politial and economic significance” in an attempt to “shape decision making”. Essentially, believing that China would engage in cyber-enabled influence operations as part of actual quote unquote cyberwar.

We see more of this in a specific section below that refers to Chinese actions against the US DoD, stating that China woudl seek to induce “social panic” amongst other end goals:

We also get some discussion of China’s “whole of government pressure” against Taiwan, showing how China views the “cognitive domain” as a key nexus of activity:

We also get a bit more about the Information Support Force and its planned collaboration with the Cyberspace Force:

Moving on from Taiwan, we get some coverage of Chinese foreign influence operations, but not much that we haven’t seen before:

I particularly liked the section that fused diplomacy/stratcoms with more traditional covert influence operations (recruiting politicians) as well as online IO in a military context:

Spamouflage and the various PR firms get their requisite section:

We’ll conclude with a recent report from Taiwan’s National Security Bureau on Chinese cyber threats, available here.

This got me pretty hopeful but unfortunately it’s quite short and lacking in depth, content and IoCs. Let’s discuss.

Firstly, this seems very much to be an attempt to counter Chinese stratcoms/IO regarding cyber activity and less of an actual CTI report or even typical government review of hostile foreign activity. The first page lays it out clearly, claiming that China has launched over 2.63 million “intrusion attempts per day” - a metric which I personally can’t stand and is reminiscent of past CVERC reporting, including things like port scanning as intrusion attempts. It looks unprofessional and isn’t really accurate.

Point two claims that China conducts cyber operations to fulfill military and political goals, which is unsurprising. I also would say that aesthetically, the report isn’t great. I’m not a stickler for this usually, but official reports should look a bit better - official branding, better infographics and so on.

We also have weird, atypical phrasing - calling APTs hacker groups instead of APTs, threat actors or other more accepted terms. Not unacceptable in of itself, but just makes it seem less professional.

We also have a section listing a few advisories that have exposed Chinese operations:

Let’s wrap this five pager up. Taiwan is getting into the stratcom game regarding cyber attribution, which is a good idea. Having said that, if they want to have any impact, they need to publish some real reporting with IoCs, or at the very least higher quality high-level reporting

That’s it for this week. Thanks for reading.