China’s Top Spy Agency Warns Of “Cloud Espionage”; Says Foreign Intel Agencies Waiting To Pounce On Data

China’s top intelligence agency has issued a stern warning to government officials about the dangers of storing classified information on cloud services, noting the significant risk of data breaches by foreign spies. 

The Ministry of State Security highlighted this concern on June 5 in a statement posted on its official WeChat account, describing cloud data as a “major focus of foreign spy agencies.”

The ministry’s statement outlined various methods employed by foreign espionage operatives to compromise sensitive information. These methods include cyberattacks and the insertion of Trojan horse viruses, which pose a serious threat to both personal privacy and national security.

The agency referenced several incidents involving government officials who had stored classified information on cloud storage platforms, citing their “weak security awareness.” 

Although the ministry did not specify whether these cases directly involved espionage or detail the exact nature of the punishments administered, the officials involved were disciplined.

In an effort to mitigate these risks, the Ministry of State Security urged officials and employees in government departments handling classified information to avoid the storage, processing, transmission, and discussion of confidential data via the Internet, mobile phones, and cloud storage services. 

The ministry advised that if cloud drives must be used, all sharing should be disabled, documents should be encrypted, passwords should be changed frequently, and the automatic backup option should be turned off.

The agency also reiterated existing laws on state secrets and data security, calling on the public and government bodies to heighten their awareness, strengthen their understanding, fulfill their obligations, and take responsibility for protecting sensitive information.

The warning did not single out any specific cloud service providers where the threat is particularly high. In fact, Chinese companies dominate the market.

Alibaba Cloud, Huawei Cloud, Tencent Cloud, and Baidu AI Cloud together account for 79% of the total expenditure in China’s cloud services market. American companies like Amazon Web Services (AWS) and Microsoft Azure also have a presence in China.

While the directive could potentially cause a setback for cloud service providers, the extent of this impact remains uncertain. 

China Ramps Up Its Anti-Espionage Campaign 

This warning is part of a broader initiative by China’s anti-espionage authorities to remind citizens of potential behaviors that could inadvertently lead to the leakage of sensitive information. 

Previous directives have explained that confidential documents should not be taken out of workplaces and that state secrets should not be transmitted via mobile phones. The ministry has made it clear that any actions endangering national security will face legal consequences.

Beijing has a series of rules and regulations to counter foreign spy activities. For instance, in 2021, China enacted a comprehensive data security law that penalizes companies for sending national “core data” abroad without Beijing’s approval. This law also mandates government departments to maintain confidentiality and adhere to regulatory responsibilities.

The law defines “core data” broadly, encompassing information related to national and economic security, public welfare, and key public interest matters.

An updated anti-spy law took effect last July, expanding the definitions of espionage and enhancing the investigative powers of state security agencies. Additionally, a revised law on guarding state secrets came into force last month, incorporating over a dozen new provisions to broaden its scope.

Photo: Courtesy of China's Ministry of State Security
Photo: Courtesy of China’s Ministry of State Security

Over the past year, the Ministry of State Security has increased its activity on social media to warn of foreign spy threats, educate the public about security, and encourage sharing information on suspicious activities.

Earlier this week, the ministry highlighted an alleged espionage case involving the British Secret Intelligence Service, known as MI6. 

In April, Minister of State Security Chen Yixin stated that the ministry would safeguard “traditional” security areas, such as political, economic, and military security, as well as “non-traditional” areas, including biosecurity, data security, and artificial intelligence.

The ministry also cautioned about other risks, including foreign non-governmental organizations and foundations potentially stealing “environmental data” from China under the pretext of research and environmental protection.

Last month, the agency also issued a warning about foreign espionage agencies targeting the country’s rare-earth industry. These agencies are reportedly engaging in theft and sabotage, posing a significant threat to the security of China’s natural resources. 

China’s Ministry of State Security also vowed to crack down on illegal activities to safeguard national security and ensure the sustainable development of the rare-earth industry.