Chinese nation state actors to ramp up cyber espionage attempts in 2024


CYJAX, a threat intelligence provider, today announces its latest research, Broken China, analysing the turbulent socio-economic situation in China and how this will likely lead to an increase in cyber espionage activities by the PRC to give Chinese businesses a competitive edge.

The report finds that China is facing major economic pressures from all sides. Its economy is still suffering from the effect of COVID, its manufacturing industry is shrinking, and its property sector is overleveraged due to an aggressive borrowing strategy. There are also signs of growing dissent among its youth, driven by rising unemployment.

Although there are remedies that could aid in China’s economic recovery, its culture of nationalism and conservatism makes implementing them unlikely. There is also the threat of chillier US-China relations if Donald Trump returns to the White House, which could mean even higher trade tariffs than today.

With a bleak economic future looming, Cyjax predicts that the PRC will opt for more short-term solutions to grow its economy fast—and this will include more aggressive cyber espionage campaigns designed to steal foreign intellectual property (IP) and boost Chinese industry.

The PRC uses various threat groups to conduct espionage campaigns, and over the next year Cyjax expects a major uplift in activity from the following:

  • The Gallium group: active since at least 2012, the group is well known for being part of Operation Soft Shell which targets global telecoms and Microsoft Exchange servers. The group targets and steals IP from telecommunication, financial, and government entities in Southeast Asia, Europe, Africa, and the Middle East.
  • Sandman: the group targets telecommunication providers in the Middle East, Western Europe and South Asia. It uses a novel backdoor that abuses the LuaJIT platform to deliver malware.
  • Mustang Panda: the group has been observed targeting Beijing’s more local adversaries, mainly Southeast Asian governments.
  • Volt Typhoon: believed to have been operating since 2021, the group targets critical US infrastructure for intelligence gathering purposes in alignment with the requirements of the PRC.

“China is a far more complex and nuanced territory than generally portrayed. Its internal pressures are likely to lead to increased cyber espionage activity, rather than slowing it down,” said Ian Thornton-Trump, CISO at Cyjax. “The PRC’s approach to cyberspace has always been to use it to advance its business interests, extracting technologies from Western companies and creating a protected domestic market for these industries, giving them an advantage in the global market. With a better understanding of the country’s internal forces, and how these relate to its cyber strategy, we can plan better defences against PRC cyber espionage.”


