China has faced accusations from Western officials and cybersecurity experts regarding its involvement in aggressive cyber activities. Leaked technical documents offer insight into China’s preparations for cyberattacks, including a training platform for simulating attacks on neighboring countries’ critical infrastructure. The platform, known as “Expedition Cloud,” lets attackers practice hacking replicas of real network environments in the South China Sea and Indochina regions.
The leaked cache of documents specifies the recreation of target networks in sectors like power, energy transmission, transportation, and smart home infrastructure. The documents emphasize the evaluation of reconnaissance and attack groups and define no role for defenders. By rehearsing attacks on critical infrastructure in advance, China gains a strategic advantage in cyber operations. The platform’s design suggests a growing use of artificial intelligence, potentially enhancing China’s cyber capabilities.
Experts note that the existence of this offensive platform contradicts Chinese officials’ claims of non-involvement in cyberattacks. The platform divides cyber operations between two teams, a reconnaissance group and an attack group, so that scenarios can be simulated and tested repeatedly under controlled conditions. The reconnaissance team maps the digital environment, identifying systems, exposed services, and potential access paths for the attack team.
