Thursday, September 9, 2021

China Restricts East China Sea Airspace Amidst Regional Military Partnerships, Cyber Espionage

0
Share

China over the weekend imposed contentious airspace restrictions over the disputed Senkaku Islands. The event was preceded by a series of regional military partnerships and arms contracts as well as cyber espionage against Japan attributed to Chinese hackers for hire.

This is the just the latest in a series of sovereignty flare ups between China and Japan over the small, East China Sea islands. There were also early alarm bells if you were looking in the right places.

Back on September 10, the Japanese air force monitored a Chinese drone over the East China Sea. Later in September, the Jamestown Foundation reported an incident over the Miyako Strait as ”the largest-ever formation of Chinese military aircraft to transit the area, and the first to be repeated on successive days.”

Two weeks ago, reports out of Japan warned of Chinese plans for establishing an ‘air defense identification circle’ while on November 16 a PLA Air Force TU-154 surveillance plane reportedly flew within 150 km of the islands.

 

Timeline two weeks prior to Chinese airspace claims – see live visualization

Interestingly, as you’ll see above, after both events took place the Chinese government made applications for the PLA’s Air Force available for online submission. Lots of propaganda to fuel recruitment.

The weeks prior to Chinese action on airspace over the Senkakus were also not idly spent by military officials as they actively engaged with regional partners. The below network graph from Recorded Future shows a variety of arms sales and military partnerships. These include deals for anti-aircraft missile defenses with Turkey, Pakistan, and Taiwan as well as exercises or meetings with Air Force personnel from Thailand, Indonesia, and South Korea.

View this in contrast to Japan’s activity during the same timeframe: deteriorating ties with neighbor and balancing military power South Korea and support for its tragically devastated ally in the Philippines. Let’s be clear that this author doesn’t feel Japan’s relief efforts in Philippines are ill spent but do lay bare the difference in priorities compared to China, whose paltry aid package to the Philippines was embarrassing.

 

Political and Military Relationships – see live visualization

Separately, cyber espionage by Chinese entities factor interestingly into the timing of this military move. This piece provides useful insight on the timing of Chinese cyber attacks including:

October 3, US Defense Secretary Chuck Hagel met with officials in Tokyo to formalize a joint cybersecurity initiative; at the same time, Hagel “reaffirmed  his country’s view that the Senkaku Islands were covered by the Mutual Defense Treaty between his country and Japan.”

The below timeline of cyber events affecting Japanese entities includes the work of hacktivists without state affiliation, but at the same time, shows several operations of note:

  • The China-based Honker Union targeting Japanese government sites on September 18, the anniversary of the Manchurian Incident. This planned event ultimately passed with relatively little impact compared to the same campaign in 2012.
  • On September 26, researchers at Kaspersky Lab released a report on Icefog, an APT believed to be a squad of hackers from China, Japan, and South Korea. Attacks started back in 2011 and continue against government and corporate targets in Japan and South Korea from government agencies to strategic companies. More details are available on Icefog following the embedded timeline.
  • An exploit (CVE-2013-3893) was reported on November 14 for Japan’s most popular word processing software Ichitaro linked to malware used by a previously known Chinese group that hacked and stole data from the New York Times last year.

 

According to Kaspersky, which reported on the IceFog APT group:

– The attackers hijack sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim’s network.

– Based on the profiles of identified targets, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, computer and software development, research companies, telecom operators, satellite operators, mass media and television.

Foreign Policy reports that China’s move for control of airspace over the Senkakus has been received a favorable public response based on analysis of Chinese social network Sina Weibo. The international response will be worth watching very carefully: the U.S. went ahead with a previously planned exercise flying B-2 bombers over the disputed Senkakus while both British Prime Minister David Cameron and U.S. Vice President Joe Biden visit China next week, the latter as part of a tour that also includes stops in Japan and South Korea.

You can separately monitor cyber attacks or threats against Japanese assets since as security blogger Ken Buckler writes: “It is clear any modern war will now include cyber warfare capabilities.”