Leaked Technical Documents Show China Rehearsing Cyberattacks on Neighbors’ Critical Infrastructure

What happened

Leaked internal technical documents indicate that China has been rehearsing cyberattacks against the critical infrastructure of its closest neighboring countries. According to the report, the materials describe a secret training platform known as “Expedition Cloud” designed to simulate network environments of potential target systems. The cache includes source code, training data, and software assets that replicate networks in sectors such as power, energy transmission, transportation, and smart home infrastructure. The platform supports “reconnaissance groups” and “attack groups” by allowing operators to practice offensive operations against these simulated environments. Independent experts consulted for the reporting expressed high confidence in the authenticity of the files and noted that the platform’s architecture suggests intentional preparation of offensive capabilities rather than defensive simulation. The documents were exposed on an unsecured FTP server tied to a developer’s machine containing malware, and were first reported by the specialist blog NetAskari before coverage in Recorded Future News.

Who is affected

Critical infrastructure operators in countries neighboring China could be affected if real-world offensive cyber operations, rehearsed using the disclosed platform, are conducted against their networks. The simulated environments include replicas of power, energy, transportation, and smart home systems.

Why CISOs should care

The existence of an offensive cyber range focused on critical infrastructure rehearsals highlights the strategic intent of threat actors to plan and refine sophisticated attacks prior to execution, a factor that underscores the evolving landscape of state-aligned cyber capabilities and potential preparatory targeting. 

3 practical actions

  • Assess threat intelligence feeds. Integrate updates on foreign state rehearsal platforms to adjust defensive postures. 
  • Strengthen critical infrastructure defenses. Review and harden protections around systems in energy, transportation, and industrial control sectors. 
  • Enhance monitoring for reconnaissance behavior. Detect early signs of external scanning or probing against replicated environments similar to those described. 

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.