New research suggests that a series of large-scale cyberattacks on The Epoch Times, starting in January and continuing to the present, are part of a coordinated campaign.
CitizenLab of the University of Toronto published a report on July 5, which detailed the cyberattacks and noted that several Chinese-language news outlets were targeted at the same time, apparently by the same group of hackers, and using the same methodologies.
The Epoch Times runs the largest Chinese-language news outlet not under the control of the Chinese Communist Party, and frequently publishes stories on topics forbidden in China such as the persecution of Falun Gong. The Epoch Times is part of Epoch Media Group, and its sister media, New Tang Dynasty Television (NTD), was also hit with cyberattacks at the same time.
The hackers took several steps in their attempts to breach and disable the targeted websites. They created mirror images of the official websites, with Internet URLs that were only slightly different from the originals. If someone were to misspell the intended website address, they could instead be directed to the fake site, which would then ask for the user’s login credentials—information the hackers were trying to steal.
At the same time, the hackers launched a series of large-scale distributed denial of service (DDoS) cyberattacks against the main websites, which attempted to overload the websites and force them offline. It also included more personal attacks that attempted to compromise computers and social media accounts of individual reporters.
Ronald Deibert, director of The Citizen Lab, wrote in a blog post that while all of the targets were “news websites that publish content critical of the Chinese government,” it is also difficult to attribute the attack to an official state agency. Deibert noted “It is possible the operators behind this campaign are ‘hackers for hire’—typical of the way in which a lot of cyber espionage is outsourced in China.”
The Epoch Times is targeted frequently by the Chinese regime, and methods have included cyberattacks, physical attacks, and threats. Several of the past attacks have been attributed by The Epoch Times to organs of the Chinese Communist Party.
In March, when the cyberattacks were increasing in strength and frequency, Stephen Gregory, publisher of the English-language edition of The Epoch Times, noted they “started just when The Epoch Times began publishing a new series on the Communist Party.”