When the lights go out: increasing cyber-espionage and disruption in energy industries (part 2).



China is the world’s largest energy consumer and its hunger for energy is ever growing. Mass migration into big cities, rapid economic growth and a massive manufacturing industry have all contributed to the increase in the need for power. Currently, China relies greatly on coal as its energy source. The huge consumption of coal is the main reason for China’s position as the greatest contributor to global warming, emitting around one-quarter of all greenhouse gases. The Chinese government has expressed the will to cut down these numbers and to transition away from coal to cleaner sources of energy. At the same time, China is by far the world’s leading country in renewable energy sources, such as wind and solar power, and has ambitious plans for nuclear energy. Besides the beneficial long-term effects on halting global warming that come with the transfer from non-renewable to renewable sources, the Chinese population can also benefit in the short term. The cities they live in are dealing with extreme air pollution; of the 100 most polluted cities worldwide, 48 are Chinese. Clean energy sources have the ability to improve quality of life and public health for the Chinese. To get to the point that China can call itself carbon-neutral, the Chinese government has formulated a plan in which science and new technologies have dominant roles1.

That is the part where China’s vast offensive cyber-capabilities come in. China has an active policy in place to acquire western technology and intellectual property as part of the grand strategy Made in China 2025. China’s cyberspace operations are part of a complex, multipronged technology development plan that uses licit and illicit methods to achieve its goals, as shown in figure 1. This strategy applies to the energy industry as well. The science and new technologies China needs to reach its long-term goals in the energy sector would take years of development and huge sums of money. If these can’t be achieved through licit ways such as academic collaborations, building start-up and scale-up ecosystems, the merging of companies or joint ventures, why not use their highly skilled APTs instead? This saves loads of time and money while the chances of getting caught and facing consequences are low. In this way, China can get its hands on the most valuable and sensitive business information.


Figure 1 – China’s strategy on acquiring foreign technology and intellectual property.


Even though China’s main focus has been on espionage and information theft, recent reports have also voiced suspicions of Chinese attacks on critical infrastructure with the goal of disruption2. Only last year, India fell victim to a cyber-attack on its power grid. There are signs that this was done by China, with whom India is in a border conflict, to send a threatening message to its enemy3. Incidents of disruptive cyber-attacks are more frequently disclosed by the victims or governments, partly because of their sometimes immediate impact on society. Information on incidents of cyber-espionage is communicated less eagerly by the organizations that fell victim to them, which want to protect their integrity. However, this doesn’t mean that there are fewer espionage attacks – they are just harder to find.

Hunt & Hackett outwits hostile APTs by tracking and anticipating their preferred attack methods (TTPs) and tools. Hunt & Hackett is aware of 69 APT groups that have been linked to China and are currently or previously targeting energy or related businesses. It’s worth noting that some of them are no longer operational or haven’t been detected by other security providers in the last few years. Hunt & Hackett has identified 489 TTPs and 490 tools used by these 69 Chinese APTs.
