Digital War Games: Leaked Files Reveal China Rehearsing Cyberattacks on Taiwan, Japan, India and Southeast Asian Neighbors

By Ash K
Digital War Games: Leaked Files Reveal China Rehearsing Cyberattacks on Taiwan, Japan, India and Southeast Asian Neighbors

Newly leaked technical documents suggest that China has been systematically rehearsing cyberattacks against the critical infrastructure of multiple neighboring countries, using a covert cyber range designed to simulate real-world national systems. The materials point to a sophisticated training environment that mirrors power grids, transportation networks, and communications systems across the Asia-Pacific region.

The leaked cache, which surfaced from an exposed FTP server linked to developers associated with CyberPeace, provides a rare glimpse into how state-aligned cyber capabilities may be tested, measured, and refined before deployment.

Analysts reviewing the documents say the scope and realism of the simulations indicate long-term strategic planning rather than ad hoc experimentation.

Expedition Cloud and the Architecture of Cyber Rehearsal

At the center of the leak is a platform referred to as Expedition Cloud, described in the documents as a secure cyber range built to replicate foreign critical infrastructure environments with high fidelity.

The system appears to separate participants into reconnaissance and attack teams, each operating within controlled replicas of real-world networks. These environments are designed to behave like operational power distribution systems, transportation controls, and smart infrastructure.

Detailed logging and replay functionality allows operators to evaluate attack effectiveness, timing, and stealth, suggesting a feedback-driven approach to offensive cyber development.

Researchers note that such capabilities align with military-style training doctrines, where exercises are repeated and optimized over time.

Named Neighbors in the Simulated Target Set

Chinese flag over traditional architecture, representing state-linked cyber operations

Image Credit: Merics

The leaked materials reference network environments and infrastructure profiles that closely resemble those of several neighboring countries. Analysts believe these simulated targets correspond to Taiwan, Japan, India, the Philippines, Vietnam, and South Korea.

In the case of Taiwan, researchers point to detailed models of power transmission and telecommunications systems consistent with long-standing cross-strait tensions and prior cyber activity linked to the region.

Japan’s inclusion is inferred from simulations involving transportation and energy grids similar in structure to Japanese infrastructure, particularly in urban and coastal regions.

India appears in scenarios focused on energy transmission and industrial control systems, reflecting the strategic importance of power stability and industrial output.

Southeast Asian neighbors such as the Philippines and Vietnam are represented through models of port operations, logistics networks, and regional communications, systems critical to both civilian life and military mobility.

South Korea is also believed to be reflected in smart city and telecommunications simulations, aligning with its highly digitized infrastructure.

From Reconnaissance to Weaponization

The documents show that Expedition Cloud organizes exercises into distinct phases, beginning with reconnaissance and moving toward coordinated attack execution.

Standardized toolsets and what the files describe as “weapon images” are deployed across exercises, allowing results to be compared across multiple runs and teams.

This structure suggests a shift toward industrialized cyber operations, where offensive techniques are treated as repeatable, measurable assets rather than bespoke attacks.

Signals of State-Level Intent

Experts reviewing the leaked data say the level of investment implied by Expedition Cloud goes beyond criminal or hacktivist activity. The breadth of simulated targets and the emphasis on critical infrastructure point to state-sponsored intent.

The presence of training materials, source code, malware samples, and operational logs strengthens confidence in the authenticity of the leak.

Researchers warn that such platforms could enable faster, more automated cyber campaigns, particularly if combined with artificial intelligence to optimize attack selection and execution.

A Regional Security Wake-Up Call

The apparent rehearsal of cyberattacks against Taiwan, Japan, India, and Southeast Asian neighbors highlights the growing role of cyberspace in regional power dynamics.

Critical infrastructure operators across the Asia-Pacific region are being urged to treat cyber resilience as a national security priority rather than a purely technical concern.

As governments assess the implications of the leaked documents, the message is clear. Cyber conflict is no longer hypothetical. It is being practiced, refined, and prepared in advance.

Ash K
Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.