Russia & China: Counterintelligence Threats – The Cipher Brief

The New Cold War: How China and Russia Are Rewriting the Espionage Playbook

Are you ready for a new era of espionage? Forget the trench coats and smoky backrooms. Today’s spy game is a high-stakes, multi-domain battle for global dominance, and the U.S. is in the crosshairs.

Echoes of the Past, Threats of the Future

The cold War may be over, but its lessons are more relevant than ever. From the Cambridge Five to Aldrich Ames, history is filled with cautionary tales of betrayal and espionage. But today, China and Russia are combining Cold War tactics with cutting-edge technology to create a threat landscape unlike anything we’ve seen before.

the Enduring Lessons of Espionage Failures

What did we learn from the spies of yesteryear? Assume everyone is a target. Insider threats are more dangerous than technical weaknesses. And real-time anomaly detection is crucial. These axioms, born from past failures, are the bedrock of modern counterintelligence.

China’s Rise as a CI Superpower

China is playing a different game. They’re not just stealing secrets; they’re building a system designed for long-term technological advantage. Their revised Counter-Espionage Law expands the definition of “state secrets,” making almost all international contacts suspect. This gives them broad authority to target foreign companies, NGOs, and academic collaborations within China.

The MSS: Spearheading China’s Espionage Efforts

The Ministry of State Security (MSS) is at the forefront of china’s expansive HUMINT and SIGINT campaigns. Remember Yanjun Xu, the MSS officer convicted of trying to steal aviation engine designs? Or Linwei Ding, the former Google engineer indicted for theft of AI chip architecture? These cases highlight China’s relentless pursuit of technological dominance through espionage.

Cyber Stealth and Space Ambitions

In cyberspace, China prefers stealth and persistence. The Volt Typhoon intrusion set, such as, burrowed into U.S. critical infrastructure for years, using “living-off-the-land” techniques to evade detection. And in space, China’s development of rendezvous-capable satellites raises serious concerns about their ability to disable or capture U.S. assets.

Russia’s Reinvention After Expulsion

Russia may be behind China in some areas,but they’re catching up fast. After the expulsion of over 300 operatives from Europe in 2022, Moscow adapted quickly, turning to freelance saboteurs recruited online to conduct acts of technical and psychological warfare.

Cyber Warfare and Details Confrontation

Cyber operations remain Russia’s strategic centerpiece. The SolarWinds breach in 2020, attributed to the SVR, penetrated over 100 U.S. government and private networks, giving them deep access to internal systems. This reflects Moscow’s doctrine of “information confrontation,” blurring the lines between espionage and influence operations.

HUMINT and Kinetic Escalation

The case of the three German-Russian nationals arrested for surveilling U.S. bases and planning bomb attacks on infrastructure supporting Ukraine underscores the risk of kinetic escalation via HUMINT collection. This isn’t just about stealing secrets; it’s about preparing for potential conflict.

Common Tactics: A Convergence of espionage Strategies

Despite their distinct structures and strategies, Russia and China are converging on how they conduct espionage.They’re both using proxy operations, supply-chain compromises, and space denial tactics to undermine U.S. defenses.

Proxy Operations: Deniability and Penetration

Both countries use third-party actors, freelancers, academic cut-outs, and contractors to avoid attribution while maintaining the ability to penetrate their main enemy. this makes it harder to trace attacks back to the source and allows them to operate with greater deniability.

Supply-chain Compromise: Scalable and Stealthy Entry Points

Targeting developer tools like JetBrains and Ivanti VPNs creates scalable, stealthy entry points that are often missed by perimeter defenses. This allows them to compromise multiple systems with a single attack.

space Denial: Contested CI Terrain

Direct-ascent and co-orbital systems demonstrate that space systems are contested CI terrain. This means that the U.S. can no longer take its space assets for granted and must actively defend them against attack.

A 21st-Century CI Response: Recommendations for U.S. Resilience

The U.S. needs to move beyond ad hoc protection and develop a sustained, cross-domain CI strategy to confront these threats. This requires a multi-faceted approach that addresses HUMINT resilience, cyber counterintelligence, and space domain protection.

HUMINT Resilience: Enhanced Vetting and Offensive CI

Enhanced vetting, including psycholinguistic analytics, financial anomaly detection, and travel surveillance, is crucial.The U.S. also needs to expand the use of controlled dangles, double-agent operations, and deception feeds. Engaging with diaspora communities to detect coercion, such as China’s “Fox hunt” campaigns, is also essential.

Cyber Counterintelligence: Zero-Trust Architecture and Public-Private Partnerships

All IC systems should have identity-centric defenses with analytics on user behavior. CI teams must implement proactive cyber deception and integrate with industry threat-sharing platforms. This requires a collaborative effort between the public and private sectors.

Space Domain Protection: Redundancy, Deception, and Integration

Creating launch-on-demand capabilities and numerous satellite constellations is essential for achieving multiple redundant capabilities and decoys. On-orbit deception, such as automated maneuvering scripts, laser-reflective coatings, and electromagnetic masking, can also help protect satellites. co-locating CI analysts and counter-space operators can facilitate real-time attribution of orbital threats.

Integration of Institutions: CIES Liaisons and Supply chain Security

Integrating CI officers into cyber defense teams can turn anomalies in the digital world into leads for human intelligence. A Supply Chain Security Board, coordinating adversary technology dependencies with DHS, NCSC, DoD, and the Department of Commerce, is also crucial for achieving self-sustainable policies. Allied Reciprocity Agreements can speed up cueing by sharing raw threat data with critically important partners like Five Eyes.

Modernization of the Workforce and Use of Technology: AI Copilots and Language Depth

Using LLMs for anomaly scanning in classified and open-source domains (in safe,air-gapped environments) can substantially enhance threat detection. Providing IC case officers and federal agents with retention bonuses for Mandarin and Russian language immersion training is also essential.red teaming exercises, simulating ASAT and day-after sabotage scenarios, can evaluate agency preparedness and response mechanisms.

The Russia-China intelligence threat is an all-out struggle for global influence. The U.S. needs a resilient, integrated, and proactive CI architecture developed for the threats of today and tomorrow. By integrating lessons learned from the Cold War with contemporary analytics, bringing CI into the private sector, and carefully training a new generation of professionals, the U.S. can create a defense as accurate as the threat against it.

The New Cold War: How China and Russia Are Rewriting the Espionage Playbook – An Expert’s Perspective

Keywords: Espionage, China, Russia, Counterintelligence, Cybersecurity, National Security, Intelligence Community, Cyber Warfare, Supply Chain Security, Space Security

Time.news Editor: Welcome, everyone. Today, we’re diving deep into the evolving landscape of global espionage with Dr. Evelyn Reed, a leading expert in counterintelligence and national security. Dr. reed, thanks for joining us.

Dr. Evelyn Reed: It’s my pleasure to be here.

Time.news Editor: This article paints a stark picture of a new “Cold War,” with China and Russia reimagining how espionage is conducted. Is this an accurate assessment?

Dr. Evelyn Reed: Absolutely. The Cold War may be over in its original form, but the underlying tensions and competition for global influence remain, now amplified by technological advancements. China and Russia are actively challenging the U.S.’s position thru sophisticated espionage campaigns that go beyond conventional methods. It’s an evolution, not a simple repeat of the past. We’re seeing a convergence of cold War tactics with state-of-the-art technology.

Time.news Editor: The article highlights China’s focus on long-term technological dominance through espionage.How does this differ from traditional espionage practices?

Dr. Evelyn Reed: Traditionally, espionage focused on stealing secrets for immediate tactical advantage. China’s approach is far more strategic. They’re not just after specific pieces of details; they’re building an entire system designed to achieve technological supremacy. This includes intellectual property theft, targeting research institutions, and even aggressively pursuing talent. The revised Counter-Espionage Law in China is a game-changer,effectively making almost all foreign contact suspect,allowing them to target foreign companies and academic collaborations on a much broader scale. This really aims at stifling innovation and competetion with China.

Time.news Editor: The Ministry of State Security (MSS) is mentioned. Can you elaborate on their role and some key cases that illustrate China’s methods?

Dr. Evelyn Reed: the MSS is China’s primary intelligence agency and spearheads its HUMINT (human intelligence) and SIGINT (signals intelligence) operations. cases like Yanjun Xu,who attempted to steal aviation engine designs,and Linwei Ding,who stole AI chip architecture from Google,exemplify China’s relentless pursuit of technological advancements through espionage. The sheer volume of cases is alarming. The FBI’s reported 1,300% increase in China-linked intellectual property theft since 2010 is a statistic that demands attention. This is an organized, government-backed effort to undermine American innovation.

Time.news Editor: The article also discusses China’s activities in cyberspace and space. What are the key concerns in these domains?

Dr. Evelyn Reed: In cyberspace, China favors stealth and persistence. The Volt Typhoon intrusion set, which burrowed into U.S. critical infrastructure for years, demonstrates their ability to conduct long-term reconnaissance and possibly disruptive operations. They use “living-off-the-land” techniques,making it harder to detect their presence. In space, China’s growth of rendezvous-capable satellites raises concerns about their ability to disable or capture U.S. assets. This shows how seriously the East values tech superiority and is strategically building their CI to be a global superpower.

Time.news Editor: Turning to Russia, the article notes their adaptation after the expulsion of operatives in 2022. How has Russia adjusted its espionage tactics?

Dr. Evelyn reed: Russia, while potentially behind China in certain areas, has proven incredibly adaptable. After the expulsion of their operatives, they quickly turned to freelance saboteurs, recruited online, to conduct acts of technical and psychological warfare. This shift reflects a move towards deniability and a wider range of tactics.

Time.news Editor: Cyber warfare is described as Russia’s “strategic centerpiece.” What makes their approach to cyber operations so impactful?

Dr. evelyn Reed: Russia’s approach to cyber warfare is deeply integrated with what they call “information confrontation,” blurring the lines between espionage and influence operations. The SolarWinds breach is a prime example. It demonstrates their ability to conduct sophisticated, large-scale intrusions into critical infrastructure, giving them deep access to sensitive information and the potential to disrupt systems.

Time.news Editor: The article mentions Russia’s Nudol anti-satellite test. Why is this meaningful from an espionage and national security perspective?

Dr. Evelyn Reed: The Nudol test highlights Russia’s willingness to degrade U.S. space resilience during crises. Creating over 1,500 pieces of debris that endangered the International Space Station demonstrates a reckless disregard for international norms and a willingness to escalate situations. Space is now considered a CI terrain.

Time.news Editor: The article stresses the convergence of espionage strategies between Russia and China, particularly in proxy operations, supply-chain compromise, and space denial. Can you explain these common tactics?

Dr. Evelyn Reed: Both countries are increasingly using proxy actors such as academics and freelance hackers to operate, making it harder to attribute attacks directly to them. Supply-chain compromises,targeting developer tools,provides scalable and stealthy entry points into multiple systems together. Space denial tactics, such as developing anti-satellite weapons, further threaten U.S. assets and capabilities.

Time.news Editor: What needs to be done to implement an effective counterintelligence strategy?

Dr. Evelyn reed: There needs to be a multi-faceted approach. This means improved vetting processes that incorporate modern forms of analytics, financial anomaly detection, and monitoring.The U.S. also needs to employ proactive AI, deception, and robust cyber counterintelligence measures, alongside public-private sector threat sharing. Space assets must be more redundant and on-orbit deception needs to be leveraged.institutions need to have a modernization of workflow and tech.

Time.news Editor: Thank you, Dr. Reed,for your invaluable insights,really valuable lessons that need to be actioned with urgency.