China: Cyber Activities Probably Prelude to Election Espionage
A July 1, 2020 CIA World Intelligence Review assesses Chinese cyber collection against a U.S. presidential campaign and other election-related entities, while judging that China did not then intend covertly to sway the election.
The review assesses that China was probing a presidential campaign to improve intelligence collection and understand policy positions on U.S.-China issues, placing the activity within a longer history of Chinese collection against U.S. presidential campaigns.
“China is probing the presidential campaign for opportunities to tailor collection and gather insight on policy positions on US-Chinese issues.”
Direct campaign targeting, with a qualified intent assessment
The Intelligence Community reported detecting Chinese state-sponsored cyber actors targeting the former Vice President's campaign, probably to support intelligence collection and possible future operations. It separately assessed that China did not then intend covert interference to sway the result, while warning that the observed access-seeking activity could enable interference if Beijing later chose it.
“the IC has detected Chinese state-sponsored cyber actors targeting the former Vice President’s presidential campaign, probably to gather intelligence that could enable future operations”
The review states that Chinese cyber actors had collected election-related information from voter databases and a range of political, nonprofit, polling, fundraising, and campaign-advisory organizations during the preceding year.
“Chinese cyber actors have collected US election-related information from US voter databases, a polling data company, political and nonprofit organizations, fundraisers, and advisory organizations for political campaigns”
The document says APT31 sent campaign staff spear-phishing emails containing tracking links; Google publicly said the attempts were unsuccessful. Analysts explained that merely opening such an email could confirm an active account and help narrow future targets.
“Google officials have publicly stated that the spear-phishing attempts were unsuccessful”
“If a target opened a spear-phishing e-mail with a tracking link—even without clicking on any link—it would confirm an active account for the cyber actors”