Part Four closed with the highway. A formal joint institute, a campus in Shenzhen, two hundred and twenty million dollars from a municipal Chinese government, the seven-nanometer chip contest won six months after American export controls were supposed to make it impossible. The corridor in its slow, legal form. This installment turns to the fast, illegal form — the lane that does not bother with memoranda of understanding because it does not need them.
Before we go any further, an honest preface, because cyber attribution is where careful writing earns its keep. Almost everything in this installment is qualified by a phrase like “the researchers assessed with medium confidence,” or “the infrastructure was registered to,” or “the pattern of activity is consistent with.” That is not weakness in the reporting. It is the actual language of network forensics, and it is the language a serious reader has to be willing to live inside. The claim of this installment is not that Tsinghua University’s president sat at a console and ordered the keystrokes. The claim is that Western cybersecurity researchers, working publicly, have repeatedly identified network infrastructure operated by Tsinghua as the source point for sustained espionage activity against foreign targets. That claim is well supported, and I will lay out the evidence.
Part I — The Crown Jewel. The leadership incubator: Politburo cadres, Xi Jinping’s alma mater. Part II — The Defense System. Co-administration by the State Administration of Science, Technology, and Industry for National Defense; dedicated weapons laboratories. Part III — The Recruiters. Thousand Talents and its successor Qiming, two hundred and four documented offers to Tsinghua. Interlude — The Prestige Camouflage. One hundred and fifty partnerships, corporate cutouts, the credentialing laundromat. Part IV — The Highway. Tsinghua-Berkeley Shenzhen Institute, eighty-seven million dollars in undisclosed funding, a seven-nanometer chip contest won six months after the export controls. This installment, Part V — the lane the corridor uses when it does not need permission.
What “Originating From Tsinghua” Actually Means
The phrase that will recur in this installment is “infrastructure registered to Tsinghua University.” A reader who is not a network engineer is owed an explanation of what that phrase means, because the entire argument turns on it.
Every device on the public internet has a numeric address. Those addresses are allocated in large blocks to organizations — companies, governments, universities — and the allocations are published in public registries. When a cybersecurity researcher writes that a particular probe or attack came from a particular address, they can look up which organization the address is registered to and name them. The address Recorded Future cited in the case at the center of this installment, 166.111.8.246, was registered to Tsinghua University. That is a verifiable fact.1
What a registered address does not, by itself, prove is who specifically inside that organization was at the keyboard. A university’s network can be used by faculty, by students, by visiting researchers, by contractors, and — if it has been compromised — by an outside threat actor who has taken over a machine without the university’s knowledge. This is the steelman defense, and it deserves to be taken seriously. The strongest version of the “not really Tsinghua” argument is that Tsinghua’s network is so vast and so central to Chinese academic computing that activity merely routed through its address space cannot be cleanly attributed to the institution itself.
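As an added illustration of the registry lookup and its limit, not code from the original article or from Recorded Future: a small Python enrichment routine that maps a probe's source address to the organization a constructed allocation table registers it to (longest-prefix match, the way registry allocations actually nest), carries the "who inside the organization" gap forward as an explicit attribution level, and checks each probe's timing against a constructed timeline of policy events, the alignment test the report relied on. The address blocks (RFC 5737 documentation ranges), organization names, log lines and events are all constructed for the example, not data from the report.

```python
"""Enrich scan-detector log lines with the organization their source address
is registered to, and flag what that lookup does and does not establish.
All data below is constructed; nothing here is taken from a real registry."""
import ipaddress
from datetime import datetime

# Constructed allocation table: (CIDR block, registered organization).
# RFC 5737 documentation ranges with invented names; a real lookup would
# query the regional registry (RDAP/WHOIS) instead of this list.
ALLOCATIONS = [
    (ipaddress.ip_network("192.0.2.0/24"), "University-A (constructed)"),
    (ipaddress.ip_network("192.0.2.128/25"), "University-A Lab (constructed)"),
    (ipaddress.ip_network("198.51.100.0/24"), "Hosting-B (constructed)"),
]

# Constructed timeline of policy events to test probe timing against.
EVENTS = [
    ("2018-05-01", "trade negotiation opens (constructed)"),
    ("2018-06-20", "company cuts outlook (constructed)"),
]

# Constructed detector output: timestamp, source, target, probe type, port count.
LOG_LINES = [
    "2018-04-03T02:11:09Z 192.0.2.200 dept.example.gov tcp-syn-scan 445",
    "2018-04-04T03:45:51Z 192.0.2.200 dept.example.gov tcp-syn-scan 1024",
    "2018-06-21T01:02:03Z 198.51.100.7 auto.example.de tcp-syn-scan 65535",
    "2018-06-21T09:00:00Z 203.0.113.9 auto.example.de http-probe 1",
]


def registered_org(ip_str):
    """Return the organization of the most specific block covering ip_str,
    or None when no block in the table covers it (longest-prefix match)."""
    ip = ipaddress.ip_address(ip_str)
    best = None
    for net, org in ALLOCATIONS:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, org)
    return best[1] if best else None


def parse_line(line):
    """Split one detector line into a record with a naive UTC timestamp."""
    ts, src, target, kind, ports = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src, "target": target, "kind": kind, "ports": int(ports),
    }


def enrich(line):
    """Attach the registered organization and an explicit attribution level.
    The level never rises above 'registered-organization': the registry
    names the allocation holder, not the machine or person behind the probe."""
    rec = parse_line(line)
    org = registered_org(rec["src"])
    rec["registered_org"] = org
    rec["attribution_level"] = (
        "registered-organization" if org else "unallocated-in-table"
    )
    return rec


def events_within(ts, window_days=7):
    """Policy events dated within window_days before the probe timestamp."""
    hits = []
    for date_str, desc in EVENTS:
        delta = ts - datetime.strptime(date_str, "%Y-%m-%d")
        if 0 <= delta.days <= window_days:
            hits.append(desc)
    return hits


def summarize(lines):
    """Group probes by (registered org, target), counting probes and
    collecting the policy events each group's timing lines up with."""
    summary = {}
    for line in lines:
        rec = enrich(line)
        key = (rec["registered_org"], rec["target"])
        entry = summary.setdefault(key, {"probes": 0, "events": set()})
        entry["probes"] += 1
        entry["events"].update(events_within(rec["ts"]))
    return summary


if __name__ == "__main__":
    for (org, target), entry in summarize(LOG_LINES).items():
        print(f"{org!s:32} -> {target:18} probes={entry['probes']} "
              f"events={sorted(entry['events'])}")
```

The output never claims more than the registry supports: an organization name and a timing coincidence, which is exactly the evidentiary level the rest of this installment argues from.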
That defense matters. It is also incomplete. And here is why.
The CERNET Detail
Tsinghua University is not an ordinary node on the Chinese academic internet. It is the operator of the Chinese academic internet. The China Education and Research Network, known by the acronym CERNET, is the national academic backbone funded by the Chinese government and managed by the Ministry of Education. CERNET’s nationwide operations center is located at Tsinghua University, and Tsinghua University constructs and operates the network in partnership with other leading Chinese institutions.2
Read that twice. The argument that “Tsinghua is just an unfortunate landlord whose network was misused” runs into the fact that Tsinghua is the landlord, the building manager, the security desk, and the wiring inspector of the entire Chinese academic internet. Wu Jianping, the chair of computer science at Tsinghua, is also chairman of the CERNET Technical Board and director of the CERNET center. The university is not adjacent to Chinese academic network operations. It is Chinese academic network operations.3
So when researchers find years of espionage activity emanating from Tsinghua-registered address space, the institutional question is not whether Tsinghua noticed. The question is whether the operator of the country’s academic backbone, with all the visibility into its own traffic that role implies, noticed and did nothing — or noticed and was complicit. There is no third option that survives sustained examination.
Tsinghua University does not merely sit on the Chinese academic internet. It operates the Chinese academic internet. Reconnaissance activity emerging from infrastructure Tsinghua itself runs, directed for years at the precise foreign targets the Chinese state most needs to surveil, is not a story of an unwitting bystander. It is a story of an institutional participant.
The Recorded Future Report
In August 2018, the threat-intelligence firm Recorded Future’s Insikt Group published a report titled Chinese Cyberespionage Originating From Tsinghua University Infrastructure. The three named authors were Sanil Chohan, Winnona DeSombre, and Justin Grosfelt.4
The report is freely available on the company’s website and has since been the subject of academic citation, podcast interviews with the authors, and follow-on reporting in Threatpost, The Cyberwire, SecurityWeek, and The Epoch Times. It has stood in the public record for seven years.
The investigation began with the Tibetan diaspora. Insikt Group researchers, following on Citizen Lab’s earlier work documenting cyberespionage against the Tibetan community in India, discovered a previously unknown Linux backdoor they named ext4 — chosen by its authors to camouflage itself as a routine Linux filesystem driver.
The backdoor was deployed against the same Tibetan victim group Citizen Lab had been tracking. And when Insikt Group analyzed the backdoor’s communication patterns, the malicious software repeatedly attempted to contact a single compromised CentOS server. The server was registered to Tsinghua University.4
Following the thread from that one address opened a larger picture. The same Tsinghua-registered infrastructure had been conducting active network reconnaissance — the systematic probing of networks for vulnerabilities — against targets that read like a list of Chinese state foreign-policy priorities.
Read the next box carefully. The targets are not random, and the timing is not coincidence.
| Target | Context |
| --- | --- |
| Tibetan community organizations | The original thread of the investigation. The ext4 Linux backdoor was deployed against this group; its command-and-control server was at Tsinghua. |
| State of Alaska Government · Alaska Department of Natural Resources | Probed during the “Opportunity Alaska” trade mission and active negotiations between Alaska and Chinese state-owned enterprises over a forty-three-billion-dollar liquefied natural gas project. |
| Kenya Ports Authority · United Nations Office in Nairobi | Probed while Kenya was deciding whether to sign a free-trade agreement with China and negotiating Belt and Road Initiative port and rail projects. Attacks accelerated two weeks after Kenya declined the free-trade agreement. |
| Maranhão Public Ministry (Brazil) | Probed between April 2 and June 11, 2018 — the weeks immediately after construction broke ground in March 2018 on a Chinese-backed Belt and Road port project in the coastal Brazilian state of Maranhão. |
| Mongolian national data center · major Mongolian university | Probed during negotiations on the proposed China-Mongolia-Russia economic corridor, a flagship Belt and Road initiative. |
| Daimler AG (Germany) | Probed on June 21, 2018 — one day after Daimler became the first major Western corporation to cut its profit outlook citing escalating U.S.-China trade tensions. |
| Safety NetAccess (United States) | An American wireless provider serving the hospitality industry. |
Look at the right column. Every target on this list is sitting at the precise intersection of a Chinese state strategic interest and an active foreign-policy moment.
Alaska was scanned during Alaska’s gas-export negotiation with China.
Kenya was scanned during Kenya’s Belt-and-Road negotiation with China — and the scanning intensified after Kenya said no to the free-trade agreement.
Brazil was scanned in the weeks immediately after construction began on a Chinese-financed port.
Daimler was scanned the day after Daimler became the first Western company to publicly tie its sagging profits to the U.S.-China trade war.
This is not a graduate student playing with port scanners. This is reconnaissance keyed to Chinese state policy in something resembling real time.
Recorded Future’s formal attribution language was careful: medium confidence that the threat actor using the Tsinghua infrastructure was conducting cyberespionage on behalf of the Chinese state, with the consistent geographic and temporal alignment to Belt and Road priorities serving as the primary indicator.4 That careful language is in fact the strongest version of the claim that responsible attribution work permits.
And the report’s public availability has stood for seven years now without, so far as I have been able to find, a substantive public rebuttal from Tsinghua, from CERNET, or from the Chinese Ministry of Foreign Affairs.
RedAlpha: From Tibet to Global Human Rights
The Tsinghua-infrastructure finding was, importantly, not the beginning of the investigation. It was the place the investigation ended up. The beginning was the Tibetan diaspora.
The Tibetan community has been the target of sustained cyberespionage from Chinese state-linked actors for more than a decade. It is the place where the moral weight of this story sits, and it is the place a reader who wants to understand what the corridor’s fourth lane is for has to be willing to look first.
The Citizen Lab at the University of Toronto’s Munk School of Global Affairs has spent more than ten years documenting digital surveillance of the Tibetan community. In January 2018, they published a detailed report on a malware campaign against Tibetan activists, journalists, members of the Tibetan Parliament in exile, and the Central Tibetan Administration — the exile government in Dharamsala.5
The campaign used spear-phishing emails with malicious Microsoft PowerPoint and Rich Text Format attachments to deliver remote-access malware to its targets. The targets were monks. Parliamentarians. Journalists. The civil servants of a government in exile.
It was that Citizen Lab campaign — combined with Insikt Group’s own subsequent RedAlpha reporting in June 2018 — that researchers eventually linked back to the Tsinghua infrastructure. The connection ran through specific malicious domain registrations, shared command-and-control infrastructure, and overlapping victim profiles.
The campaign Recorded Future named RedAlpha — tracked by PricewaterhouseCoopers under the designation Red Dev 3 — has been active since at least 2015 and remains active today.6
And in the years since the 2018 reporting, RedAlpha did not narrow. It broadened. An August 2022 Recorded Future report, shared first with MIT’s Technology Review, documented the group’s expansion beyond the Tibetan diaspora. The target list now reads as a comprehensive map of the institutions the Chinese Communist Party considers most threatening to its internal narrative about itself.
The Party calls them the five poisons: Tibetans, Uyghurs, Taiwanese, democracy activists, and Falun Gong. The phrase is internal Chinese state shorthand for the domestic dissidents the Party has identified as primary political threats. RedAlpha has targeted all five.
It has also targeted the international institutions that document what is being done to those five.
| Target | Description |
| --- | --- |
| Amnesty International | The world’s largest human-rights organization. |
| International Federation for Human Rights (FIDH) | An umbrella body for more than one hundred and ninety national human-rights organizations. |
| Radio Free Asia | The United States-funded broadcaster covering Tibet, Xinjiang, Hong Kong, and the rest of the Asia-Pacific. |
| Mercator Institute for China Studies (MERICS) | The German think tank Beijing sanctioned in March 2021 over its academic research on Xinjiang. |
| Tibetan, Uyghur, Taiwanese, and Falun Gong-affiliated organizations | The full “five poisons” roster, in Chinese Communist Party internal shorthand. |
| Government agencies in South and Southeast Asia | And, in the most recent reporting, a rising number of government and humanitarian organizations worldwide. |
Read those targets carefully, because they answer a question that runs underneath every cyber story: who pays the bill when the corridor uses its fourth lane?
The bill is paid by Tibetan exiles whose parliamentarians get their emails harvested.
By Amnesty International researchers documenting the camps in Xinjiang.
By Radio Free Asia journalists reporting on the Hong Kong protests.
By the German think-tank scholars whose only crime was publishing rigorous academic work on the Uyghur question, and who got sanctioned by Beijing for it.
The corridor’s cyber lane is not abstract. It points its scanners at the conscience of the world’s response to Beijing, and it does so from infrastructure registered to the same institution that incubates Beijing’s leadership.
A serious country does not treat its dissidents this way. A serious country’s flagship university does not host the infrastructure that does.
The Layered System
Tsinghua infrastructure is not the only piece of the picture, and the Recorded Future report itself was careful to position it as one piece of a larger architecture. To anyone tempted to write the cyber chapter off as accusation without proof, the United States Department of Justice has, in at least one parallel case, named names. In November 2017, a federal grand jury in the Western District of Pennsylvania indicted three Chinese nationals — Wu Yingzhuo, Dong Hao, and Xia Lei — on conspiracy, computer-fraud, and trade-secret charges. The defendants were officers and employees of a Guangzhou-based information-security company called Bo Yu Information Technology Company, more commonly written as Boyusec, which threat-intelligence analysts had identified as the corporate face of an activity cluster known as APT3 or Gothic Panda. The intrusions targeted Moody’s Analytics, Siemens, and Trimble between 2011 and 2017; subsequent public reporting linked Boyusec to China’s Ministry of State Security.7 Tsinghua does not appear in the Boyusec indictment, and the Recorded Future Tsinghua-infrastructure report describes a separate activity cluster. What the two records establish, taken together, is the institutional pattern: Chinese state-linked cyber espionage is conducted, at scale, through a layered system in which state intelligence agencies, corporate fronts (Boyusec in Guangzhou, the Nanjing Qinglan Information Technology Company that some RedAlpha infrastructure traces to8), and the academic-network infrastructure operated by institutions like Tsinghua share keyboards and addresses across operations that target the same victims for the same strategic reasons. The corridor’s fourth lane is not a Tsinghua project alone. It is a system. Tsinghua is one of its load-bearing walls.
The Prestige Camouflage in Cyberspace
And here is where the prestige-camouflage observation from the standalone Interlude pays off, because the same blind-spot logic that operates in higher education operates in cyber threat-modeling, and it operates there for the same structural reason.
The cyber attacks Americans hear about are the marquee ones. The 2015 breach of the United States Office of Personnel Management, which exposed background-investigation files on twenty-two million federal employees. The intrusions into the major defense contractors. The compromises at Microsoft, at Google, at the cloud providers whose names are familiar to anyone who reads a newspaper.
These attacks get coverage because their victims are recognizable and the harm is legible at scale.
The attacks Americans do not hear about hit a different class of target entirely. They hit the regional law firm that handles security-clearance background investigations on a defense contractor’s subcontractors. They hit the city government of the town the contractor builds parts in. They hit the small research foundation administering the federal grant. They hit the regional hospital network, the mid-tier university research office, the supply-chain software vendor with twenty employees and three Fortune 500 customers.
These are the targets where the same logic of the Interlude applies. A target whose name nobody knows is a target nobody is watching. A target nobody is watching is a target whose compromise is unlikely to make the news. A target whose compromise does not make the news is a target the architecture can hit again next year.
The campus camouflage on the higher-education side has a perfect mirror on the network side. The prestige hierarchy you carry around in your head, that tells you the “real” attacks must be the ones at Lockheed Martin and the Pentagon, is the same hierarchy that ensures the attacks at the law firm and the hospital and the small university administering the grant simply do not register as part of the picture.
The corridor exploits that hierarchy on the campus side. It exploits the same hierarchy in cyberspace.
The Legal Highway · Part IV
Two hundred and twenty million dollars from a Chinese municipal government. A Turing Award winner’s laboratory inside a joint institute. A seven-nanometer chip contest won six months after the export controls. Section 117 disclosure failures totaling eighty-seven million dollars across one campus. House Select Committee letters. Joint research outputs in Nature Index. The corridor wearing a tie.
The Illegal Backdoor · Part V
A compromised CentOS server at Tsinghua. A Linux backdoor named to mimic a filesystem driver. Years of reconnaissance against Tibetan parliamentarians, Kenyan port authorities, German automakers, Brazilian prosecutors. Amnesty International. Radio Free Asia. The Mercator Institute. The same institution, the same operational alignment with state policy, and no memoranda of understanding required.
This installment is not arguing that every Tsinghua student or professor is a cyber operator. Tsinghua is an enormous research university with tens of thousands of people doing legitimate science, much of it world-class. It is not arguing, in the absence of evidence, that Tsinghua University’s leadership personally directed the operations described above. The Recorded Future researchers themselves were careful with their attribution language, and so is this installment.
What it is arguing is institutional: an academic institution this deeply integrated with the Chinese party-state — one whose alumni roster includes most of the Politburo, which is co-administered by the defense-industry ministry, which receives the talent the recruiters bring home, which anchors the joint institutes with Western universities, and which operates the academic backbone of the country’s internet — cannot credibly maintain that years of documented espionage activity, originating repeatedly from network infrastructure it operates and targeting the precise list of foreign entities its state most wants to surveil, are happening without its knowledge. The pattern is too durable, the target list is too aligned, and the institutional position is too central for the “we didn’t know” defense to do the work it is being asked to do.
The Shape of the Corridor, After Five
This installment closes the architectural section of the series. We have now mapped five lanes.
Part One showed the leadership incubator — Tsinghua as the institution from which the Politburo and the senior cadres are drawn, the place where the Chinese Communist Party reproduces itself. Part Two showed the defense system — the dedicated weapons laboratories, the military-civil-fusion integration, the State Administration of Science, Technology, and Industry for National Defense sitting as co-administrator. Part Three showed the recruiters — the Thousand Talents Plan and its successor Qiming pulling scientists from Harvard and Stanford and the Massachusetts Institute of Technology into the corridor at the rate of hundreds per year. The standalone Interlude showed the prestige camouflage — the architecture by which the same machine operates one tier down, at schools no national reporter has heard of, through corporate cutouts that bypass the disclosure laws designed to make it visible. Part Four showed the highway — the joint institutes, the Tsinghua-Berkeley Shenzhen Institute, the eighty-seven million dollars in undisclosed funding, the seven-nanometer chip contest won six months after the export controls. This installment, Part Five, shows the backdoor — the cyber lane that does not need the highway because it does not need permission.
It is one institution. It is one machine. The same university produces the leadership, hosts the defense laboratories, receives the recruited scientists, anchors the joint institutes, operates the academic internet backbone, and sits at the address space from which the espionage activity recurs. The corridor is not a metaphor and it is not a conspiracy theory. It is an institutional fact, documented across five installments by named Western researchers, named Congressional reports, named Chinese government documents, and the careful, conservative attribution language of professional cybersecurity firms.
And so one final sentence, addressed not to Beijing but to the institutions that are still American. The same university whose network has hosted, on the documentary record of Western researchers, sustained reconnaissance against Tibetan parliamentarians and Kenyan port authorities and German automakers and Amnesty International, is the same university whose name still appears on memoranda of understanding signed by American institutions, on Section 117 disclosure failures, on joint-research output, on faculty appointments accepted on its campuses in Shenzhen and Beijing. The legal highway and the illegal backdoor do not run through different buildings. They run through the same one.
The architectural map is now complete. Part Six turns the page. So far we have followed what the corridor absorbs: leadership, recruits, joint institutes, network access. The remaining installments turn to what the corridor produces. Tsinghua is no longer only a destination. It is now an exporter — of artificial-intelligence companies that the United States Commerce Department has placed on the Entity List, of the semiconductor talent that fills the Qiming program, of the policy doctrine the Belt and Road Initiative carries into the world. Part Six is about the spinoffs: what happens when the corridor stops importing and starts shipping.
“It’s not the story they tell you that is important. It’s what they omit.”
With Credit To
The documentary spine of this installment rests on the work of three specific researchers at Recorded Future’s Insikt Group — Sanil Chohan, Winnona DeSombre, and Justin Grosfelt — whose 2018 report named Tsinghua infrastructure publicly and whose subsequent work on RedAlpha extended the picture forward. Equal credit to the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, which has documented the digital surveillance of the Tibetan community for more than a decade and provided the underlying case work without which the Tsinghua-infrastructure connection could not have been drawn. Credit also to PricewaterhouseCoopers’ Threat Intelligence team for the Red Dev 3 tracking; MIT Technology Review for the August 2022 RedAlpha exclusive; the cybersecurity trade press — Threatpost, The Cyberwire, SecurityWeek, The Hacker News, Industrial Cyber — that carried the technical reporting; and the United States Department of Justice for the public Boyusec indictment that documented one corporate face of the broader pattern. And finally, the targets themselves — the Tibetan community, the Uyghur diaspora, Amnesty International, the International Federation for Human Rights, Radio Free Asia, the Mercator Institute, and the countless smaller organizations whose patient documentation of their own targeting made the public record possible.
Sources & Citations
- Sanil Chohan, Winnona DeSombre, and Justin Grosfelt, Chinese Cyberespionage Originating From Tsinghua University Infrastructure, Recorded Future Insikt Group (August 16, 2018) — including the specific identification of Internet Protocol address 166.111.8.246 as registered to Tsinghua University and used in the documented reconnaissance activity. recordedfuture.com
- China Education and Research Network (CERNET) — national academic backbone, funded by the Chinese Ministry of Education, constructed and operated by Tsinghua University in collaboration with leading Chinese universities; the CERNET National Center is located at Tsinghua University. apan54.apan.net
- Wu Jianping, Tsinghua University Professor and Chair of Computer Science and Technology, Chairman of the China Education and Research Network Technical Board and director of the CERNET center.
- Ibid., Recorded Future Insikt Group (August 2018) — ext4 Linux backdoor; compromised CentOS server registered to Tsinghua; targets including Alaska, Kenya Ports Authority, the United Nations Office in Nairobi, the Maranhão Public Ministry in Brazil, Mongolian government and university targets, Daimler AG, and Safety NetAccess; the medium-confidence attribution language. Confirmed in contemporaneous trade-press coverage in Threatpost, The Cyberwire, SecurityWeek, and The Epoch Times.
- The Citizen Lab, University of Toronto Munk School of Global Affairs, “Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces” (August 2018) and prior reporting; January 2018 work documenting the initial RedAlpha-aligned campaigns. citizenlab.ca
- Recorded Future Insikt Group, RedAlpha: New Campaigns Discovered Targeting the Tibetan Community (June 2018); Recorded Future, RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations (August 2022); MIT Technology Review, “Hackers linked to China have been targeting human rights groups for years” (August 16, 2022); PricewaterhouseCoopers Threat Intelligence (Red Dev 3 designation). recordedfuture.com
- United States v. Wu Yingzhuo, Dong Hao, and Xia Lei, indictment, U.S. District Court for the Western District of Pennsylvania, unsealed November 27, 2017 — Boyusec / Bo Yu Information Technology Company; intrusions targeting Moody’s Analytics, Siemens, and Trimble between 2011 and 2017; activity cluster known in threat-intelligence taxonomy as APT3 / Gothic Panda. justice.gov
- Recorded Future Insikt Group, RedAlpha reporting — documented infrastructure overlap with the Nanjing Qinglan Information Technology Company and related Chinese front entities.