Google’s Threat Analysis Group (TAG) in a blogpost earlier this month identified a China-based hacking group in a list of “threat actors”, which also comprised Russian and Belarusian groups.

The blogpost, by Shane Huntley from the TAG, said a Russian group had conducted large “credential phishing campaigns” against Ukrainian media company UkrNet. A Belarusian group had targeted Polish and Ukrainian government and military organisations.

It said China-based threat actor “Mustang Panda or Temp. Hex” had targeted European organisations with emails with malicious attachments containing executable code. TAG had alerted authorities of its findings.

Targeting of European organisations has represented a shift from Mustang Panda’s regularly observed Southeast Asian targets,” said Google TAG in the blogpost.

China at the time fiercely denied the claim, telling Forbes that it was a staunch defender of cyber security and a main victim of cyber attacks, and that it was “important to have complete and sufficient evidence when investigating and defining cyber-related incidents”.

However, self-described China focused cybersecurity monitor “Intrusion Truth” said there was evidence of Chinese participation online in the Ukraine crisis.

“Intrusion Truth now knows that Chinese hackers are conducting cyber attacks against Ukraine. We can only assume these have been ordered, or are at least condoned, by the Chinese state,” it said on Twitter.

Intrusion Truth is yet to reveal any specific evidence it has.

The group gained notoriety in 2017 for revealing Chinese hacking groups and the names of hackers working for Chinese intelligence.

In Australia Prime Minister Scott Morrison has foreshadowed sanctions against China if it were to provide Russia with military equipment, but it is less clear that Australia or the US would sanction China over this level of online activity, if it had happened.

US president Joe Biden last week warned about consequences if China provided “material support” to Russia. China has said it opposes war and stands for peace, but it has not condemned Moscow’s actions in Ukraine.

Meanwhile a cyberattack against Viasat’s satellite servicing Europe, on the day of the invasion in late February, has authorities worried that if provoked, Russia might try to severely disrupt communications across Europe.

Viasat is a contractor for the Ukrainian military and other Western militaries, including the US and Australia.

On that day internet connectivity in Europe dropped to about 20 per cent, the report said.

Experts said the attack may have knocked out services beyond what Russia had intended.

In this case the attack impacted internet users as far away as France. According to reports, services were also drastically reduced in Germany, Hungary, Greece, Italy and Poland.

Co-founder and CEO of Internet 2.0 Robert Potter said China had a vested interest in the conflict and wanted to know what the Ukrainian government was thinking, but that was not the same necessarily as assisting Russia with a destructive campaign.

Mr Potter said Australia used a different geo-stationary satellite to Europe’s, but the incident did raise the dependence on satellite communications by both military and civilians and the increasing likelihood of satellites being targeted by hostile nations.

Originally published as China queried over Ukraine cyber activity