On April 9, a serious and detailed warning about state-backed hacking was published by some of the world’s top intelligence agencies.
A Global Warning on Hidden Digital Threats
These included the United States’ National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the United Kingdom’s Government Communications Headquarters (GCHQ), Australia’s Signals Directorate, and Germany’s Federal Intelligence Service (BND) and Domestic Intelligence (BfV).
These agencies belong to what is known as the “Five Eyes” intelligence alliance, with Germany joining as a partner in this hacking-related warning.
This report looked closely at a powerful hacking group called Moonshine, which is believed to work secretly under the control of authorities in Beijing. The hackers have been linked to hacking attacks on groups such as Uyghurs and Tibetans, among others.
This group is not officially part of the Chinese government but is what experts call a “para-state” actor. That means they operate like an extension of the state without being openly connected to it.
Explosive Fallout from Five Eyes: Is Canada Being Kicked Out Under Trump’s Influence?
The warning released by these agencies built on an earlier investigation published in January by Intelligence Online. That investigation had found a link between this hacking group and a Chinese company named Sichuan Dianke Network Security Technology.
This company is also known as Sichuan UPSEC Technology, or just UPSEC. The connections between UPSEC and the hacking group were made by carefully studying technical data, internet footprints, and patterns of digital behavior.
UPSEC, which was established in 2018, presents itself as a cybersecurity business. It claims to work both to defend and to attack in cyberspace. In official messages written in Mandarin, the company openly says it works with many public security departments across China. It also works closely with one of China’s top technology universities to run research centers focused on security. These centers are known as the Kongming Security Laboratory and the Yufeng Security Laboratory.
Link Between UPSEC and the Hacker Group
Trend Micro, a Japanese cybersecurity firm, had previously identified a hacker group named Earth Minotaur. This group was carrying out targeted cyberattacks on vulnerable communities, including Uyghurs and Tibetans. These attacks were not random but aimed at gathering sensitive information from specific groups.
China’s Veiled Warning to US; WZ-9 Drone Could Detect F-35 and B-21
The new joint report by the Five Eyes alliance and German intelligence agencies confirms that Earth Minotaur and another group known as Moonshine are in fact the same. The report also highlights strong connections between this hacker group and a Chinese company called UPSEC.
UPSEC is believed to play a central role by supplying the tools, services, and even training used in these cyber operations. AUPSEC expanded its skills by acquiring Chengdu Anmo Technology, another cybersecurity company, around five years ago. The company now operates under a “school-business cooperation” model, working closely with universities.
An important partner is China’s University of Electronic Science and Technology. Together, they have created advanced research labs that likely support the development of cyber tools used in these attacks. This partnership allows UPSEC to operate behind the scenes while contributing to large-scale, state-supported hacking campaigns.
China’s Provocative War Drills and Military Power Show Near Taiwan Escalates Tensions of Conflict
Silence from France Despite Being Targeted
One surprising part of the report is that France’s two main intelligence agencies did not sign the warning, even though past investigations showed cyberattacks had also targeted France. French agencies are usually very cautious about blaming countries like China unless they have full proof and are ready for political consequences.
This cautious approach explains France’s silence, even as the Five Eyes and German agencies chose to go public. Their joint report confirms a well-organized hacker group, backed by Beijing, is targeting not just political figures but also ethnic and religious groups like Uyghurs and Tibetans.
These cyberattacks are hidden but harmful, often collecting personal data and spying on people. With support from companies like UPSEC and Chinese universities, these hackers operate under the cover of legitimate business activities, making them harder to detect.