Cyber Incident Victim: Tianwang
Date:
Aug 2015
Location:
China
Summary
A Chinese rights and citizen journalism website experienced a disruptive cyberattack targeting its contributor interface, preventing article publication and registration functionality. The attack forced operations to shift to internationally blocked social media platforms. Concurrently, another rights monitoring platform reported domain cancellations and blocking of its U.S.-hosted site amid repeated domain changes. These incidents occurred alongside heightened regulatory measures including proposed cybersecurity laws expanding state control over online content and new requirements for publishers to engage with authorities over disputed material. Both platforms focused on documenting government corruption, rights abuses, and suppressed narratives within China's controlled media environment.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 18, 2015, the Tianwang citizen journalism and rights advocacy website based in Sichuan province experienced a disruptive cyberattack that paralyzed its operational capabilities. Unknown hackers targeted the site’s contributor interface, preventing journalists and activists from posting new articles or accessing registration functions starting around 10:00 a.m. local time. Founder Huang Qi confirmed the homepage and existing articles remained accessible, but the inability to update content severely hampered the site’s core function of disseminating reports on rights abuses, land disputes, and detainee mistreatment—topics routinely censored in state-controlled media. Tianwang temporarily circumvented the disruption by publishing articles on Google+ and Facebook, though these platforms were inaccessible to most mainland Chinese users due to government blocking. The attack occurred amid the detention of at least four Tianwang-affiliated citizen journalists, as documented by Reporters Sans Frontieres, reflecting broader state suppression of independent reporting. Huang attributed the attack to Tianwang’s focus on exposing injustices against marginalized groups, including retired military personnel, displaced farmers, and political prisoners.
Simultaneously, the Watchdog Net for Citizens and Public Opinion—another rights platform—faced a separate but related disruption when its U.S.-based domain was blocked and its Chinese registration canceled. Founder Li Xinde reported the site, which specialized in anti-corruption investigations and government oversight, had changed domains over 50 times in 2015 alone to evade censorship. These incidents coincided with Beijing’s legislative push to tighten internet controls, including a draft cybersecurity law emphasizing “cyberspace sovereignty” and regulations requiring online publishers to attend mandatory meetings with officials if content was deemed “false” or “inappropriate.” The Cyberspace Administration explicitly threatened sanctions for publishing material on topics such as “rumors” or “pornography,” employing the “drink tea” intimidation tactic traditionally used against dissidents. While no group claimed responsibility for the Tianwang attack, the technical blockade of contributor access and domain-level filtering aligned with the state’s escalating legal and technical measures to suppress critical online discourse.