Cyber Threat Actor: CCP Unmasked
| Actor Type | Location | Known Incidents |
Activist
|
China
|
3 incidents |
|---|
Profile
CCP Unmasked is a hacker group operating under that singular alias, linked to activities targeting entities within China. The group gained attention for breaching three Chinese social media monitoring firms—Yunrun Big Data Service, Knowlesys, and OneSight—in a coordinated August 2020 operation. Their primary objective centered on exposing alleged state-linked disinformation campaigns and surveillance activities, explicitly framing their actions as a challenge to perceived Chinese government interference in democracy through fake news and online monitoring. The actors leaked approximately 40GB of internal documents, including confidential presentations and operational files, which purportedly detailed the companies’ development of tools to monitor global platforms like Facebook and Twitter for "anti-government groups" and opposition parties.
The group’s targeting focused exclusively on private-sector firms providing social media intelligence services, particularly those suspected of collaborating with Chinese intelligence, military, or police agencies. Leaked materials suggested these companies supported monitoring efforts in multiple countries, including potential foreign government contracts. CCP Unmasked employed data exfiltration and public leaking as their core tactic, disseminating documents via Twitter before account suspension under hacked materials policies. While the authenticity of all documents remains unverified, some contained non-public executive contact details matching real accounts, lending credibility to portions of the cache. The operation exposed reputational risks for the victim firms and highlighted potential surveillance capabilities targeting blocked foreign platforms, though no malware, infrastructure details, or specific intrusion methods were disclosed. CCP Unmasked’s affiliation with state or criminal entities remains unconfirmed, with no additional campaigns publicly attributed to the group beyond the 2020 breaches.
