China Central Television documentary series reveals sophisticated cyber espionage campaigns targeting nation’s institutions
Published: May 29, 2026 02:38 PM
Photo: Screenshot from CCTV

China Central Television (CCTV) is broadcasting a five-episode documentary series on confidentiality and information security awareness from Tuesday to Saturday, with Thursday's episode focusing on cyberattacks and the potential risks of information leaks hidden in everyday work and life.

Introducing the episode, CCTV News said in a report released on Friday that cyber warfare has intensified worldwide over the past 15 years, with cyber espionage aimed at stealing state secrets emerging as a primary objective behind many attacks.

To illustrate the scale and sophistication of such threats, CCTV News cited a case that unfolded in April 2022, when a Chinese university discovered an unusual Trojan program attempting to illegally obtain privileges within its email system. After the university reported the incident, the National Computer Virus Emergency Response Center, together with relevant authorities, quickly formed a joint technical team to investigate.

The findings, CCTV News said, far exceeded initial expectations. Investigators concluded that the cyberattack originated from a foreign government intelligence agency and was aimed at stealing critical technical data, including configurations of key network equipment, network management information and operational maintenance data.

According to the report, the intelligence agency deployed 41 specialized cyberattack tools in pursuit of objectives such as achieving a single-point breakthrough, gradually penetrating target systems and conducting long-term intelligence theft. Among them were 14 different versions of a backdoor tool known as "SlyHeretic," while the attack chain involved more than 1,100 separate intrusion pathways.

As the investigation progressed, authorities uncovered a highly targeted cyber campaign. The intelligence agency allegedly used a platform known as "FoxAcid" to conduct man-in-the-middle attacks against internal hosts and servers at the university, while a remote-control cyber weapon dubbed "NOPEN" was employed to seize control of multiple critical servers.

Further forensic analysis led investigators to identify another cyber espionage tool called "SecondDate." CCTV News said the software was designed to remain resident on network boundary devices such as gateways, edge routers and firewalls for extended periods, enabling malicious functions including traffic sniffing, session tracking, traffic redirection and data tampering.

The documentary noted that only one year after the exposure of the university case, another key Chinese institution became the target of a separate cyberattack launched by an overseas intelligence agency. The operation reportedly lasted nearly a year and involved the deployment of 42 specialized cyber weapons.

To conceal the source of the attack, the perpetrators allegedly employed high-strength encryption algorithms in an attempt to erase traces of their activities. However, CCTV News said the carefully planned and highly covert operation was detected in time, continuously monitored and ultimately disrupted after relevant organizations upgraded their cybersecurity defenses and severed the attack chain.

Beyond these cases, CCTV News cited several other cyber espionage incidents targeting China. In August 2024, an advanced materials design research institution was reportedly attacked, with more than 270 computers infected by control Trojans designed to steal sensitive information. 

In June 2025, the National Computer Virus Emergency Response Center released an investigative report exposing several hacker groups affiliated with the DPP authorities' "Information, Communications and Electronic Force Command" for allegedly conducting cyber espionage activities against the mainland.

CCTV News quoted Du Ye, a professor at Beijing Jiaotong University, as saying that such intelligence-gathering operations primarily target Chinese government agencies, the defense sector and scientific research institutions.

"These espionage activities are mainly aimed at important and sensitive sectors including government affairs, military industries and scientific research," Du said. "The targets include not only Party and government organs and the military, but also research institutes, universities, central state-owned enterprises and other state-owned companies."

He added that the primary objective of these operations is to obtain sensitive technological information, core data intelligence and national strategic planning information, with the ultimate goal of containing China's technological advancement and strategic development.

The documentary also highlighted several common cybersecurity risks that could lead to information leaks, including inserting USB drives from unknown sources into workplace computers, charging mobile phones infected with Trojan malware through office computers, installing internet-downloaded software on classified computers without authorization, and clicking on unknown emails or suspicious web links.

By examining both major cyber espionage cases and everyday security vulnerabilities, the documentary seeks to raise public awareness of information security risks and strengthen cybersecurity vigilance across society.

Global Times