Cyber Threat Actor: Strategic Support Force of the People's Liberation Army

The Strategic Support Force (SSF) of China's People's Liberation Army (PLA) has been publicly linked to cyber operations targeting diplomatic and governmental entities. This military-affiliated actor has demonstrated a focus on compromising foreign policy coordination systems, with documented incidents revealing intrusions into European Union diplomatic networks. The SSF's operations have primarily targeted government institutions involved in international relations, including foreign ministries, intergovernmental organizations like the United Nations, and entities tied to financial governance or policy development. Security reporting indicates their objective centers on accessing sensitive diplomatic communications and strategic intelligence, aligning with broader state-level espionage priorities rather than financial gain or disruptive aims.

One notable campaign attributed to this actor involved phishing attacks against the Ministry of Foreign Affairs of Cyprus in December 2018, leading to unauthorized access to the EU's COREU messaging system. This network facilitates confidential foreign policy coordination among EU member states and affiliated organizations. The operation extended to compromising trade unions, financial ministries, and policy think tanks, leveraging common vulnerabilities rather than advanced technical exploits. Security researchers characterized the SSF's approach as reliant on established social engineering techniques for initial access, particularly phishing, to infiltrate target networks. Public attribution by cybersecurity firms directly links this activity to China's Strategic Support Force, highlighting its role in conducting cyber operations aligned with state interests. The campaign exemplifies the actor's persistent targeting of diplomatic channels to acquire foreign policy intelligence.