A leaked database from a Chinese firm named Shenzen Zhenhua Data suggests that Beijing has been amassing personally identifiable information on tens of thousands of citizens worldwide to use it as a "psychological warfare" tool to influence public opinion.
The data leak shows that Zhenhua has already gathered information on nearly 35,500 Austalian citizens, including diplomats, civil servants, military officers, politicians, software billionaires, academics, bank bosses, journalists, lawyers and even a prime minister.
In total, the names of 2.4 million individuals and 650,000 organisations exist on the database.
According to Australian broadcaster ABC, the leaked database was shared with Professor Chris Balding, an American academic who worked at China's Peking University until 2018. After fearing for his safety in China, he left the country and moved to Vietnam, where he spent some months before returning to the US earlier this year. He is currently a professor at Fulbright University.
According to Professor Balding, Zhenhua Data has links to China's military and intelligence networks.
"China is absolutely building out a massive surveillance state both domestically and internationally," he told ABC.
After analysing the database with a team of experts, Balding provided it to Canberra-based cyber security firm Internet 2.0, which recovered nearly 250,000 records of private individuals.
Of those recovered records, 52,000 are Americans; 35,000 Australians; 10,000 Indians; 9,700 British; 5,000 Canadians; 1,400 Malaysians; with 793 from New Zealand. Many people in the list are also tagged as being of special interest.
Some big names present in the list include Australian Prime Minister Scott Morrison; current Ambassador in the US, Arthur Sinodinos; former Ambassador, Joe Hockey; and Chair of the Intelligence Committee, Andrew Hastie.
Profiles of US President Donald Trump, Japanese PM Shinzo Abe, Vladimir Putin and their family members, as well as those of many members of the British Royal Family, also exist in the database.
Most of information collected by Zhenhua is in the public domain, including addresses, dates of birth, marital status, social media IDs and political associations, and it is believed that the data was scraped from some popular social media platforms, such as Twitter, Facebook, and LinkedIn.
Robert Potter, CEO of Internet 2.0, said that Shenzen Zhenhua Data had been gathering data from different countries and sending it back to a server based in China.
The information sent is split into multiple databases, such as, military officials, politicians, professors of universities, intellectual property and patent databases, to help Chinese intelligence agencies focus on specific individuals of interest.
Zhenhua claims to have about 20 "collection nodes" located worldwide, according to ABC. Of these, one is thought to be located in Kansas, US, while another is based in South Korean capital Seoul.
The attack seems to have infected business systems, not data centres software
Join us to learn about the newest techniques deployed by attackers
Twenty-three are rated as 'Critical', many affect SharePoint
Northumbria University is also 'experiencing an ongoing IT issue as a result of a cyber incident'
The group has a history of abusing the Know Your Customer (KYC) regulations to target financial technology firms