China’s cyber threat landscape has evolved into a complex ecosystem involving state actors, private companies, and academic institutions.
This intricate network supports and enhances China’s offensive cyber capabilities, blurring the lines between government, industry, and academia.
China’s cybersecurity industry, valued at over $22 billion, includes numerous private companies supporting state-sponsored cyber operations.
Large firms like ThreatBook, Qihoo360, and Qi An Xin provide defensive security solutions and indirectly contribute to offensive operations. Smaller companies like i-SOON offer specialized services ranging from penetration testing to malware development.
Cybersecurity researchers at Orange Cyberdefense noted that these contractors operate in a competitive environment but occasionally collaborate.
State actors in China’s cyber threat ecosystem
The key state actors in China’s cyber threat ecosystem include:
People’s Liberation Army (PLA):
- Consolidated SIGINT capabilities in the 2010s
- Established the Strategic Support Force (SSF) in 2015-2016
- Recently reorganized with the creation of the PLA Information Support Force and PLA Cyberspace Force in 2024
Ministry of State Security (MSS):
- Serves as both internal security service and foreign intelligence collection agency
- Plays an increasingly prominent role in cyberespionage operations
- Utilizes a mix of in-house talents and cyber contractors
Ministry of Public Security (MPS):
- Responsible for public law enforcement and political security
- Operates in the cyber field due to counterintelligence and computer crime investigation mandates
Academic institutions play a crucial role in advancing China’s cyber capabilities. Military universities work closely with armed forces on projects like malware effectiveness testing.
Civilian universities collaborate with military structures on offensive operations, and universities also serve as talent pipelines for the PLA, MSS, and private contractors.
In addition, hacking competitions act as recruitment platforms and sources of vulnerabilities.
China’s vulnerability disclosure ecosystem exemplifies the integration of private companies and universities into the state cybersecurity framework.
Multiple interconnected vulnerability databases (such as CNVD and CNNVD) are managed by different entities, and vulnerabilities are collected from industry partners and academic institutions.
Discovered vulnerabilities have been repurposed for state-sponsored cyber campaigns.
This comprehensive ecosystem demonstrates China’s strategic approach to building and maintaining its offensive cyber capabilities, leveraging a wide range of actors and resources to support its objectives in cyberspace.