Source guide

China: Cyber Activities Probably Prelude to Election Espionage

A July 1, 2020 CIA World Intelligence Review assesses Chinese cyber collection against a U.S. presidential campaign and other election-related entities, while judging that China did not then intend covertly to sway the election.

Open full source PDF ↗ 2 pages Image source text
01

Collection focused on campaign policy insight

The review assesses that China was probing a presidential campaign to improve intelligence collection and understand policy positions on U.S.-China issues, placing the activity within a longer history of Chinese collection against U.S. presidential campaigns.

“China is probing the presidential campaign for opportunities to tailor collection and gather insight on policy positions on US-Chinese issues.”
Key judgment
Source: page 1 ↗
02

Direct campaign targeting, with a qualified intent assessment

The Intelligence Community reported detecting Chinese state-sponsored cyber actors targeting the former Vice President's campaign, probably to support intelligence collection and possible future operations. It separately assessed that China did not then intend covert interference to sway the result, while warning that the observed access-seeking activity could enable interference if Beijing later chose it.

“the IC has detected Chinese state-sponsored cyber actors targeting the former Vice President’s presidential campaign, probably to gather intelligence that could enable future operations”
Analytic assessment
Source: page 1 ↗
“The IC assesses that China does not currently intend to covertly interfere to try to sway the outcome of the election”
Intent assessment
Source: page 1 ↗
“although this activity could enable such operations, if Beijing made a decision to do so.”
Assessment qualifier
Source: page 1 ↗
03

Collection from election-related data holders

The review states that Chinese cyber actors had collected election-related information from voter databases and a range of political, nonprofit, polling, fundraising, and campaign-advisory organizations during the preceding year.

“Chinese cyber actors have collected US election-related information from US voter databases, a polling data company, political and nonprofit organizations, fundraisers, and advisory organizations for political campaigns”
Reported collection activity
Source: page 1 ↗
04

Spear-phishing and tracking-link purpose

The document says APT31 sent campaign staff spear-phishing emails containing tracking links; Google publicly said the attempts were unsuccessful. Analysts explained that merely opening such an email could confirm an active account and help narrow future targets.

“Google officials have publicly stated that the spear-phishing attempts were unsuccessful”
Reported outcome
Source: page 1 ↗
“If a target opened a spear-phishing e-mail with a tracking link—even without clicking on any link—it would confirm an active account for the cyber actors”
Technical assessment
Source: page 2 ↗