CFR Presents

Asia Unbound

CFR experts give their take on the cutting-edge issues emerging in Asia today.



Lynx, Mukden, Mooncakes, and Chinese Hackers

by Adam Segal
September 18, 2013

Freshly-baked mooncakes pass along a conveyor belt at a mooncakes factory in Shanghai on September 12, 2013. (Aly Song/Courtesy Reuters)


After a summer dominated by revelations of U.S. espionage and offensive cyber operations, Chinese hackers are back in the news. Three stories do a good job of illustrating that Chinese hackers are not a monolithic group, but rather multiple actors with manifold motivations.

First, Symantec released a report on a hacker group called “Hidden Lynx,” which is made up of fifty to one hundred people and has been operating since 2009. The hackers seem to be very sophisticated, targeting more than one hundred organizations around the world, including banks and asset management companies, governments, IT companies, defense contractors, and computer security companies. The most targeted countries and regions are the United States (53 percent), Taiwan (16 percent), mainland China (9 percent), Hong Kong (4 percent), and Japan (3 percent).

The report characterizes the group as a professional organization offering “hacker for hire” services to those seeking competitive advantage at the corporate and national level. The tools and exploits “originate from network infrastructure in China” and the malicious software was written using Chinese code, but the report makes no determination as to whether the group is linked to the Chinese government. Dmitri Alperovitch of CrowdStrike, who uncovered closely related attacks, believes the group works solely for the Chinese government or state-owned enterprises. I would have liked more information on the types of targets in China itself—were they nonprofits the government wanted to monitor more closely? Chinese firms spying on their domestic competitors?

Second, Japanese organizations are preparing for attacks today from the Chinese Honker Union, tied to the anniversary of the 1931 Mukden/Manchurian Incident. (The term “honker,” from the Chinese hong ke, means “red” patriotic hacker.) The Japanese Broadcasting Corporation (NHK) reports that the group has identified 270 targets, including government and media websites. The attacks are unlikely to be much more than nuisances—defacing sites with the Chinese flag and messages about the disputed Senkaku/Diaoyu islands.

Finally, Chinese hackers attacked a local government website in Zhejiang Province. The site appears to be offline now, but the hackers posted pictures of mooncakes with characters attacking the Chinese Communist Party (CCP) baked into them. The cakes said “Bite to Death the CCP,” “Overthrow CCP,” “Bitterly Hate CCP,” and “Get Lost, CCP.”

In July, the U.S.-China working group on cybersecurity met for the first time. Discussions reportedly touched on international law and norms in cyberspace. These three stories are vivid reminders that even if Beijing and Washington can agree on how states should behave—and that is a very big if—there are many actors who are unlikely to care much about those agreements and will continue to pursue their own interests.
