The recently released annual cybersecurity report by Chinese firm 360 Security Group highlights more than 1,200 Advanced Persistent Threat (APT) attacks targeting China in 2023, originating from 13 foreign APT organizations. APT attacks are sophisticated and sustained cyber threats, often associated with state-sponsored actors. These attacks are not isolated incidents but part of ongoing, well-coordinated efforts to infiltrate and compromise targeted entities. The report reveals various insights into the nature, scope, and impact of these attacks on China’s critical sectors.
Key findings from the report:
- Frequency and Origins of APT Attacks:
  - More than 1,200 APT attacks were detected targeting China in 2023.
  - A total of 13 foreign APT organizations were identified as orchestrating these attacks.
  - The primary regions of origin for these APT organizations were North America, South Asia, Southeast Asia, and East Asia.
- Targets and Industries:
  - APT attacks affected 16 different industries in China, with education being the most frequently targeted sector.
  - The top five affected industries were education, government, scientific research, national defense and military industry, and transportation.
  - The report notes a significant concentration of attacks on China’s southeastern coastal regions and its political and economic centers.
- APT Attack Techniques and Evolution:
  - APT attack techniques continue to evolve, with increased sophistication and broader targeting.
  - The report emphasizes that APT attacks launched by the United States are considered the most severe.
  - APT organizations from the U.S. are characterized by automated, systematic, and intelligent attacks that cover a wide range of internet and IoT assets globally.
- Focus on Education and Scientific Research:
  - Half of the APT attacks targeted China’s education and scientific research industry.
  - Attackers exploited compromised resources, such as stolen document data and contact information, to carry out more precise and expanded attacks.
- Impact on High-Tech Sectors:
  - With the intensification of the U.S. blockade policy against China’s high-tech sector, there was a significant increase in attacks on China’s chip and 5G sectors in 2023.
  - Multiple APT organizations, including APT-C-39 (CIA) from the U.S., were involved in these attacks.
- Geographical and Geological Surveying Fields:
  - APT organizations increased their attacks on China’s geographical and geological surveying fields in 2023.
  - This indicates that APT attacks and espionage are becoming conventional means for political forces to gather intelligence and achieve political and strategic objectives.
- Security Recommendations:
  - The report suggests filing security incidents to trace every cyberattack and strengthen defense systems.
  - The use of artificial intelligence technologies is recommended for automated analysis, filtering, and correlation of security events.
  - Proactive reporting of significant cybersecurity incidents is encouraged to facilitate collaboration among the government, security vendors, and organizations in responding to cyber threats.
The report underscores the strategic implications of APT attacks, emphasizing the need for a comprehensive and collaborative approach to cybersecurity, involving various stakeholders such as government agencies, security vendors, and organizations. It also sheds light on the geopolitical aspects of cyber threats, with attacks perceived as coordinated efforts aligned with political agendas.