Menu
Browse

Cyber Threat Actor: Chinanews Hacker

Actor Type Location Known Incidents
 Icon
Nation State
China
2 incidents
Profile

The threat actor known as Chinanews Hacker is based in China according to open-source reporting. This alias has been associated with two publicly reported cyber incidents that illustrate different operational patterns. In June 2015 the actor was linked to a disruption of a major Chinese state‑owned news agency’s website. The attack caused over an hour of downtime, featured a homepage defacement that included a ransom demand and a Tencent QQ identifier for payment. Persistent formatting problems continued to affect the site and its sub‑channels after the initial compromise. No group claimed responsibility and the victim released few details, but the ransom note indicates a financially motivated extortion attempt.

A separate incident from November 2014 ties the same actor to a large‑scale intrusion into the United States Postal Service network. The breach exposed personal data of more than eight hundred thousand employees, including names, Social Security numbers, addresses, dates of birth and employment records. Federal investigators characterized the activity as espionage‑focused rather than financially driven. The actor’s tooling in this case is described only as sophisticated, with no specific malware families or exploit kits disclosed in the sources. From the news agency attack the observed tactics include website defacement, ransom messaging via bank instructions and instant‑messenger contact, and resulting service disruption. These tactics contrast with the data‑exfiltration focus seen in the Postal Service case, showing a capability to pursue both financial gain and intelligence collection.

Attribution statements in the Postal Service report explicitly note suspicion of links to the Chinese government, providing the only public state‑nexus indication for the actor. No comparable government linkage was asserted in the news agency incident, leaving the actor’s affiliation otherwise unspecified. The two campaigns therefore serve as representative examples of the actor’s range: a financially motivated extortion against a domestic media target and an espionage‑oriented breach of a U.S. federal agency. Together they illustrate targeting that spans the media and government sectors, operates across China and the United States, and pursues both monetary and intelligence objectives as directly cited in the source material.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources