Cyberattacks seen targeting 16 industries in China: security report

 Cyberattacks seen targeting 16 industries in China: security report

More than 1,200 APT attacks from 13 foreign APT organizations targeting China were detected in 2023, according to a newly released annual cybersecurity report by Chinese firm 360 Security Group on Tuesday. The report showed that cyberattacks affecting China occurred in 16 industries, with education being the most frequent target. 

Throughout 2023, 360 detected over 1,200 APT attack incidents targeting China from 13 foreign APT organizations, mainly based in North America, South Asia, Southeast Asia, and East Asia. 

An expert from 360 Security Group told the Global Times that APT organizations are not ordinary individual hackers, but high-level professional forces represented by state-level hacker organizations and some even have direct involvement from national or political powers. 

APT organizations not only continuously monitor and engage in espionage activities against national governments and critical departments but also deepen threats to a country's politics, economy, society, and defense. Once APT organizations launch cyberattacks on the entire infrastructure of a country, it may lead to paralysis of transportation, banking, aviation, and hydroelectric systems, causing serious impacts on national political stability and economic development, the expert noted.  

APT attack techniques are being continuously upgraded, with targets spreading and attacks becoming more sophisticated. The APT attacks launched by the US are the most severe, the report said.

It showed that APT organizations from the US have already demonstrated automated, systematic, and intelligent characteristics in their global cyberattacks. Their attack techniques are able to cover almost all internet and IoT assets worldwide. They can control foreign networks and steal critical data, serving their military and political espionage objectives. 

The report said that global cybersecurity vendors and institutions have publicly released a total of 731 APT reports, revealing 135 APT organizations. As of now, 360 Security Group has discovered a total of 54 overseas APT organizations and it found two overseas organizations, APT-C-57 (Volning) and APT-C-68 (Parasite), in 2023.

The cyberattacks affecting China involve 16 industries, with the top five affected industries being education, government, scientific research, national defense and military industry, and transportation.

The report shows that half of the APT attacks targeted China's education and scientific research industry. 360 Security Cloud has found that in some attacks targeting the education and scientific research field, attackers exploited compromised resources, such as stolen document data and contact information, to carry out further precise attacks and expand the success of the attack.

The report reads that government agencies have always been the core target area of APT attacks over the years, with maritime agencies, overseas agencies, financial regulators, and transportation management being the key areas affected.

The report calls for more attention from China's foreign affairs-related agencies to effectively prevent such attacks. It said that with the continuous increase in China's international influence, the political, economic, and trade data held by overseas agencies directly relates to the core interests of China as well as other related countries. 

The companies affected by APT attacks are concentrated in southeastern coastal China and the country's political and economic centers. The report said this is due to the geographical distribution of infrastructure, key resources in education and scientific research, and core units in national defense and military industry in China.
 
Noticeably, with the intensification of the US' blockade policy against China's high-tech sector, there has been a significant increase in attacks on China's chip and 5G sectors, as well as other high-tech fields in 2023. This has involved multiple APT organizations, with APT-C-39 (CIA) from the US being the most prominent, according to the report. 

The expert from 360 Security Group told the Global Times that the attacks and infiltrations by APT organizations targeting China's high-tech fields are in coordination with the political forces behind them, aiming to restrict and suppress China's high-tech development.

The expert warned that when dealing with APT attack threats, more attention should be paid to the political forces behind the attackers, which will help in understanding the purpose and overall picture of the attack threats.

Additionally, the report noted that in 2023, APT organizations have also significantly increased their attacks on China's geographical and geological surveying fields. This indicates that APT organizations' attacks and espionage have gradually become conventional means for political forces to gather intelligence and achieve political and even strategic objectives.

In July 2023, the US launched a cyberattack on the Wuhan Earthquake Monitoring Center, as monitored by the National Computer Virus Emergency Response Center (CVERC) and Chinese internet security company 360. The report said the seismic intensity data from the earthquake monitoring center is closely related to national security. By using the seismic intensity data, it is possible to reconstruct three-dimensional topographic maps of specific areas in important sectors such as transportation, energy, and military. The leakage of data poses a serious threat to the country's military security and national security, it said.

In face of the threats posed by APT organizations, the expert suggested filing the security incidents so as to trace every cyberattack and strengthen the defense systems. Artificial intelligence technologies can be adopted to enable automated analysis, filtering, and correlation of security events, the expert noted.

When significant cybersecurity incidents occur, relevant organizations should proactively report them to facilitate the participation of multiple parties such as the government, security vendors, and organizations, forming a strong collaborative force to respond to cyberattacks, the expert noted.