Cyber Threat Actor: Cyberspace Administration of China
| Actor Type | Location | Known Incidents |
Nation State
|
China
|
1 incident |
|---|
Profile
The threat actor known as the Cyberspace Administration of China operates from within the People's Republic of China. The group is also referenced by its official name, which translates to the state body responsible for internet governance and information security in China. No other aliases have been publicly documented in the available sources. The actor's location is consistently identified as China, reflecting its state affiliation. This profile relies solely on the information provided in the prompt and does not extend beyond confirmed details.
The observed activity targeted foreign email providers, specifically Microsoft Outlook's IMAP and SMTP services, affecting users inside China. The attack coincided with a period of heightened censorship efforts aimed at directing users toward government‑monitored local email platforms. No explicit financial motive or disruptive intent is stated in the source material; the focus is on information flow and surveillance. The targeting pattern is consistent with the described censorship context. This reinforces the interpretation that the actor’s actions support state‑directed information control.
The reported tactic involved a man‑in‑the‑middle interception that presented a deceptive pop‑up warning to users of Outlook. If the warning was clicked, the attacker could potentially capture email contents, contacts, and passwords transmitted over IMAP and SMTP. No specific malware families or custom tooling are mentioned in the source; the technique relies on network interception and social engineering via the fake alert. Attribution to the Cyberspace Administration of China comes from the cybersecurity watchdog Greatfire, which linked the incident to Chinese authorities. The 2015 Outlook man‑in‑the‑middle event serves as the sole publicly reported operation that illustrates the actor's typical approach.
