Lynx, Mukden, Mooncakes, and Chinese Hackers
Image Credit: John Loo via Twitter

Lynx, Mukden, Mooncakes, and Chinese Hackers


After a summer dominated by revelations of U.S. espionage and offensive cyber operations, Chinese hackers are back in the news. Three stories do a good job of illustrating that Chinese hackers are not a monolithic group, but rather multiple actors with manifold motivations.

First, Symantec released a report on a hacker group called “Hidden Lynx,” made up of fifty to one hundred people that has been operating since 2009. The hackers seem to be very sophisticated, targeting more than one hundred organizations around the world, including banks and asset management companies, governments, IT companies, defense contractors, and computer security companies. The most targeted countries and regions are the United States (53 percent), Taiwan (16 percent), mainland China (9 percent), Hong Kong (4 percent), and Japan (3 percent).

The report characterizes the group as a professional organization offering “hacker for hire” services to those seeking competitive advantage at the corporate and national level. The tools and exploits “originate from network infrastructure in China” and the malicious software was written using Chinese code, but the report makes no determination as to whether the group is linked to the Chinese government. Dmitri Alperovitch of CrowdStrike, who uncovered closely related attacks, believes the group works solely for the Chinese government or state-owned enterprises. I would have liked more information on the types of targets in China itself—were they nonprofits the government wanted to monitor more closely? Chinese firms spying on their domestic competitors?

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

Second, Japanese organizations are preparing for attacks today tied to the anniversary of the1931 Mukden/Manchurian Incident from the Chinese Honker Union. (The term “honker,” from the Chinese hong ke, means “red” patriotic hacker.) The Japanese Broadcasting Corporation (NHK) reports that the group has identified 270 targets, including government and media websites. The attacks are unlikely to be much more than nuisances—defacing sites with the Chinese flag and messages about the disputed Senkaku/Diaoyu islands.

Finally, Chinese hackers attacked a local government website in Zhejiang Province. The site,, appears to be offline now, but the hackers posted pictures of mooncakes with characters attacking the Chinese Communist Party (CCP) baked into them. The cakes said “Bite to Death the CCP,” “Overthrow CCP,” “Bitterly Hate CCP,” and “Get Lost, CCP.”

In July, the U.S.-China working group on cybersecurity met for the first time. Discussions reportedly touched on international law and norms in cyberspace. These three stories are vivid reminders that even if Beijing and Washington can agree on how states should behave—and that is a very big if—there are many actors who are unlikely to care much about those agreements and will continue to pursue their own interests.

Adam Segal is a Maurice R. Greenberg Senior Fellow for China Studies at the Council on Foreign Relations. He blogs at Asia Unbound, where this piece originally appeared. Follow him on Twitter @adschina. 

Sign up for our weekly newsletter
The Diplomat Brief