Cyberattacks Seen Targeting 16 Industries In China: Security Report

In the year 2023, a staggering count of over 1,200 Advanced Persistent Threat (APT) assaults originating from 13 distinct foreign APT entities, with China as their prime focus, were identified. This revelation stems from the recently disclosed annual cybersecurity dossier by the Chinese organization, 360 Security Group, on the day of Tuesday. The report underscores that these cyber intrusions impacted 16 different industries within China, with a notable emphasis on the educational sector.

Throughout the duration of 2023, the vigilant monitoring conducted by 360 Security Group unraveled more than 1,200 APT incidents with China as the target, orchestrated by 13 foreign APT organizations predominantly situated in North America, South Asia, Southeast Asia, and East Asia.

An authority from 360 Security Group, in conversation with the Global Times, emphasized the unique nature of APT organizations, portraying them not as conventional lone hackers but rather as sophisticated entities, often affiliated with state-level hacker organizations. Some even possess direct ties to national or political powers.

These APT organizations, functioning at a high level, engage not only in continuous surveillance and espionage against national governments and critical departments but also pose an escalated threat to a nation's politics, economy, society, and defense. The ramifications of APT attacks can extend to the point of crippling transportation, banking, aviation, and hydroelectric systems, thereby significantly impacting national political stability and economic development, as highlighted by the expert.

The techniques employed in APT attacks undergo consistent refinement, resulting in broader targets and heightened sophistication. The report identifies the United States as the source of the most severe APT attacks.

According to the report, APT organizations originating from the US exhibit characteristics of automation, systematic methodology, and intelligence in their global cyber campaigns. Their tactics are designed to encompass virtually all internet and Internet of Things (IoT) assets worldwide, enabling them to manipulate foreign networks and pilfer crucial data, aligning with their military and political espionage objectives.

The report further reveals that a cumulative total of 731 APT reports have been publicly disclosed by global cybersecurity vendors and institutions, uncovering 135 APT organizations. As of the present, 360 Security Group has identified 54 overseas APT organizations, with two new entities, APT-C-57 (Volning) and APT-C-68 (Parasite), discovered in 2023.

The cyber onslaughts on China span across 16 industries, with education, government, scientific research, national defense and military industry, and transportation ranking as the top five affected sectors.

A notable revelation from the report is that half of the APT attacks are directed at China's education and scientific research industry. In some instances, attackers exploit compromised resources, such as pilfered document data and contact information, to execute targeted attacks and amplify the impact of their offensive maneuvers.

The report highlights government agencies as perennial targets of APT attacks, with maritime agencies, overseas agencies, financial regulators, and transportation management being pivotal areas impacted.

With China's increasing international influence, the report calls for heightened vigilance from foreign affairs-related agencies to thwart such attacks. It emphasizes the interconnectedness of political, economic, and trade data held by overseas agencies with the core interests of China and other nations.

Geographically, entities affected by APT attacks are concentrated in southeastern coastal China and the political and economic hubs of the country. The report attributes this to the distribution of infrastructure, key resources in education and scientific research, and central units in the national defense and military industry.

A noticeable trend in 2023, attributed to the intensified US blockade policy against China's high-tech sector, is a significant uptick in attacks on China's chip and 5G sectors, along with other high-tech domains. Multiple APT organizations, with APT-C-39 (CIA) from the US at the forefront, are implicated, signaling a coordinated effort to impede China's advancements in high-tech domains.

The expert from 360 Security Group cautions that attacks on China's high-tech fields align with the political forces driving them, aiming to constrain and stifle China's progress in these domains. The expert underscores the importance of understanding the underlying political motivations behind APT attacks to comprehend their purpose and overarching implications.

Additionally, the report notes a substantial surge in APT organizations' attacks on China's geographical and geological surveying sectors in 2023. This suggests that attacks and espionage by APT entities have evolved into conventional methods for political forces to gather intelligence and achieve not just political but also strategic objectives.

In July 2023, the US executed a cyberattack on the Wuhan Earthquake Monitoring Center, as reported by the National Computer Virus Emergency Response Center (CVERC) and Chinese internet security company 360. The report underscores the significance of seismic intensity data held by the center, closely linked to national security. The potential leakage of this data poses a severe threat to the country's military and national security.

In response to the looming threat posed by APT organizations, the expert recommends meticulous documentation of security incidents to trace each cyberattack and fortify defense systems. The incorporation of artificial intelligence technologies for automated analysis, filtering, and correlation of security events is proposed as a proactive measure to enhance cybersecurity defenses.

When significant cybersecurity incidents transpire, the report advocates proactive reporting by relevant organizations. This collaborative approach involving government entities, security vendors, and organizations aims to form a robust collective force capable of responding effectively to cyberattacks.