The Chinese National Internet Emergency Center has discovered and resolved two significant cases of cyber espionage targeting Chinese technology companies and research institutions.
The attacks, suspected to have been orchestrated by U.S. intelligence agencies, aimed to steal critical commercial secrets and intellectual property, raising serious concerns over national cybersecurity.
We recently reported that a large U.S. organization with significant operations in China fell victim to a sophisticated cyber attack, likely orchestrated by China-based hackers, and now the USA is paying back.
The intrusion, which lasted for four months from April to August 2024, allowed the attackers to maintain a persistent presence on the organization’s network, primarily for intelligence-gathering purposes.
Targeting Advanced Material Design and Research Unit
Since August 2024, a prominent advanced material design and research organization in China has been subjected to a sophisticated cyber attack.
Analysts revealed that the attackers exploited a vulnerability in an electronic document security management system widely used in the country.
The attackers infiltrated the software upgrade management server of the company, deploying control Trojans to over 270 hosts through the compromised software upgrade service.
This breach resulted in the theft of substantial quantities of sensitive commercial secrets and intellectual property.
According to an analysis report published by CNIE, “the attackers exploited a vulnerability in a certain electronic document security management system in China to invade the software upgrade management server deployed by the company, and delivered control Trojans to more than 270 hosts of the company through the software upgrade service, stealing a large amount of commercial secrets and intellectual property of the company.”
In another case, dating back to May 2023, a leading enterprise in China’s smart energy and digital information sector became a victim of continuous cyber attacks. Investigation findings indicate that attackers exploited vulnerabilities in Microsoft Exchange servers and used multiple overseas springboards to execute their campaign.
The cyber operation allowed the perpetrators to gain control of the company’s mail server, implant backdoor programs, and systematically steal email data.
Furthermore, the attackers leveraged the compromised server to infiltrate more than 30 additional devices belonging to the enterprise and its subsidiaries. The breach led to the extraction of vast amounts of valuable commercial data.
These incidents highlight the growing threat of cyber espionage against Chinese technology companies and institutions.
The National Internet Emergency Center has urged organizations across the country to strengthen their cybersecurity measures, apply timely software patches, and adopt robust monitoring mechanisms to defend against evolving threats.
These revelations underscore the importance of international cooperation in managing cybersecurity risks and the need to hold perpetrators accountable for such malicious activities.