Cyber Incident Victim: 健康宝
Date:
Apr 2022
Location:
China
Summary
Beijing's health code system experienced cyber attacks originating from overseas during peak usage periods, with maintenance teams successfully mitigating the threats without service disruption. Similar incidents occurred previously during major international events hosted in the capital, prompting officials to reinforce cybersecurity measures protecting the epidemic prevention infrastructure. The targeted system manages critical personal health data including risk exposure statuses, nucleic acid results, and vaccination records, with public speculation suggesting attacks aimed to compromise resident information and undermine pandemic containment efforts through code manipulation or service interruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 28, 2022, Beijing's Jiankangbao health code system experienced cyber attacks originating from overseas during its peak operational hours. The system, critical for managing COVID-19 prevention measures across the capital, maintained functionality despite the intrusion attempts due to immediate intervention by technical maintenance teams. Authorities disclosed the incident during an official press conference, noting this marked a recurrence of similar foreign-sourced cyber attacks previously encountered during the Beijing 2022 Winter Olympic and Paralympic Games. Officials emphasized their successful historical handling of such incidents while pledging enhanced cybersecurity protections to safeguard epidemic control infrastructure. The timing coincided with intensified health code usage requirements, including newly implemented mandates for ride-hailing services to verify passenger health statuses starting April 25.
Public discussion surged across Chinese social media platforms following the official disclosure, with Weibo users expressing concerns over potential motives behind targeting the health code platform. Netizens speculated attackers sought to harvest sensitive personal information belonging to Beijing residents, undermine epidemic containment efforts, or generate social instability. The Jiankangbao system, operational since 2020, aggregates extensive personal data including real-time health statuses, 14-day travel histories, nucleic acid test results, and vaccination records. It enforces movement restrictions by assigning yellow or red codes to individuals with exposure risks or travel overlaps with confirmed cases, while displaying health reminders for those visiting medium/high-risk areas or arriving internationally. Despite attack attempts, system integrity remained uncompromised, allowing uninterrupted enforcement of Beijing's pandemic control policies.