In 2023, China experienced a surge in cyber threats with over 1,200 Advanced Persistent Threat (APT) attacks detected, originating from 13 foreign APT organizations, as revealed in a cybersecurity report by Chinese firm 360 Security Group. The attacks spanned 16 industries, with education emerging as the most frequently targeted sector.
360 Security Group identified APT organizations as highly sophisticated entities, often representing state-level or politically backed hacking organizations. These entities engage in continuous surveillance and espionage activities, posing significant threats to a nation's politics, economy, society, and defense infrastructure.
The report highlighted the global nature of APT attacks on China, with organizations primarily based in North America, South Asia, Southeast Asia, and East Asia. A concerning trend was the increasing severity of APT attacks originating from the United States, characterized by automated, systematic, and intelligent features. These attacks displayed the capability to cover a wide range of internet and Internet of Things (IoT) assets globally, enabling control over foreign networks and the theft of critical data for military and political espionage purposes.
The top five industries targeted in China were education, government, scientific research, national defense and military industry, and transportation. Notably, half of the APT attacks focused on the education and scientific research sectors, where attackers exploited compromised resources to launch precise and expansive attacks.
Government agencies remained a core target, including maritime agencies, overseas agencies, financial regulators, and transportation management. The report emphasized the need for increased vigilance by China's foreign affairs-related agencies to prevent such attacks, given the growing international influence of the country.
Geographically, APT attacks were concentrated in southeastern coastal China and major political and economic centers. The report attributed this to the distribution of infrastructure, key resources in education and scientific research, and core units in national defense and military industry.
An alarming trend noted in the report was the escalation of attacks on China's high-tech sector, particularly in response to the US' blockade policy. The chip and 5G sectors experienced a significant increase in attacks, with APT-C-39 (CIA) from the US being a prominent actor. The attacks on high-tech fields were seen as coordinated efforts by political forces to impede China's technological development.
Furthermore, APT organizations expanded their targets to include China's geographical and geological surveying fields, indicating a shift towards conventional means for gathering intelligence and achieving political and strategic objectives.
In July 2023, the US conducted a cyberattack on the Wuhan Earthquake Monitoring Center, raising concerns about the potential compromise of seismic intensity data crucial for national security. The leaked data could pose serious threats to military security and national interests.
To counter APT threats, the report recommended filing security incidents to trace cyberattacks and strengthen defense systems. The expert suggested leveraging artificial intelligence technologies for automated analysis, filtering, and correlation of security events. Additionally, proactive reporting of significant cybersecurity incidents was encouraged to facilitate collaboration between government, security vendors, and organizations in responding to cyber threats.
