The Cyberspace Administration of China (CAC) says it has detected a wave of cyberattacks originating from US IP addresses that are using compromised Chinese resources to target Russia.
In a statement on the CAC website, the agency said:
“Since late February, our country’s internet has faced continuous attacks from overseas sources. Overseas actors have compromised computers in China and then launched cyberattacks against Russia, Ukraine, and Belarus. After analysis, many of these source addresses are located in the United States.”
According to the CAC, more than ten attacking addresses come from New York alone, with peak attack traffic reaching approximately 36 Gbps. The agency reports that about 87 percent of the attacks were directed at Russia, which suggests the attackers may be acting in support of Ukraine’s defense against the invasion.
A smaller portion of the attacks targeted addresses in countries such as Germany and the Netherlands. The CAC suggests those attacks could be carried out by groups sympathetic to Russia and aimed at nations providing humanitarian aid, defensive supplies, or refuge to people fleeing the conflict.
China has not publicly endorsed or condemned Russia’s invasion of Ukraine. That neutral posture — notable given China’s history of closer ties with Russia — appears motivated in part by concerns about its international standing and the economic fallout that sanctions and corporate withdrawals have caused for Russia, including restricted access to key technologies and components.
As evidence of alleged abuses and war crimes accumulates and the conflict becomes more severe, Beijing may increasingly distance itself from Moscow. Observers have noted a gradual shift in language within Chinese state media that reflects growing discomfort with the invasion as the situation escalates.
There is also a possibility that attackers are deliberately using US-based IP addresses to inflame East-West tensions or to influence perceptions and pressure Beijing to take a clearer stance in favor of Russia.
Most of the IP addresses cited by the CAC are hosted by US carriers. The reported peak of 36 Gbps is modest compared with large-scale distributed denial-of-service attacks measured in terabits per second, which indicates either that the attackers lacked the intent or capacity to inflict major disruption or that they are not yet operating at the level of the most capable threat actors.