While spam and viral attacks are not uncommon, the latest wave is part of a pattern of increasingly sophisticated emails tailored to tempt foreign reporters, rights activists and other targets to open infected attachments.
On Oct 1, the Communist Party is celebrating 60 years of rule over mainland China with a military parade. Beijing has tightened security ahead of the anniversary, with armed paramilitary troops at subway exits during rehearsals and neighborhood residents recruited to watch over the streets.
"There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar," said Nicholas Bequelin of Human Rights Watch in Hong Kong. He noted that non-government organizations are also favorite targets.
"Whether the government is behind it, closes its eyes to it, supports it or has nothing to with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it."
While poor English used to be a giveaway, new techniques include mimicking a known and trusted sender, or resending legitimate emails from activist organizations with a fake, malware-laden attachment.
The impersonating emails require more effort by the mystery senders but they are also more likely to be opened than easily identifiable, anonymous spam.
Chinese employees working for foreign news organizations in Beijing and Shanghai got identical emails on Monday, each with an attachment carrying malware meant to exploit Adobe Acrobat software, a common application used to read PDF files.
The email, which appeared to be from an economics editor named Pam Bouron, was a polite request for help lining up interviews during an upcoming visit to Beijing. It was tailored so that "Pam" appeared to work for each news organization.
The clue was that Reuters does not have an economics editor named Pam Bouron. Others who received the "Pam Bouron" email include the Straits Times, Dow Jones, Agence France Presse, and Italian news agency Ansa.
Similar emails carrying viruses, also attacking foreign news agencies and non-government organizations, were common ahead of the Beijing Olympic Games last year. In March this year, researchers at Infowar Monitor in Canada found widespread cyber-infiltration of the Tibetan government in exile.
The "Pam Bouron" emails on Monday targeted Chinese news assistants, whose names often do not appear on news reports and who must be hired through an agency that reports to the Foreign Ministry.
They were followed by two suspicious emails on Tuesday morning received by many foreign reporters in Beijing. (Editing by Jan Dahinten)