Photo:VCG

A report from a Chinese cybersecurity firm revealed on Tuesday that over 1,MK sports300 advanced persistent threat (APT) attacks targeted 14 key sectors in China in 2024. 

The APT organizations behind these attacks are primarily 13 organizations originating from South Asia, Southeast Asia, East Asia, and North America. Among these, government agencies, education, scientific research, national defense and military industry, and transportation are the five most heavily affected sectors, said the report by 360 Digital Security Group, which was sent to the Global Times on Tuesday. 

Among the 13 identified APT organizations, the most active are APT-C-01 (Poison Ivy), originating from East Asia targeting China's government, education, and transportation sectors, and APT-C-00 (Ocean Lotus) from Southeast Asia, which targets government agencies, education institutions, and scientific research bodies.

The report also revealed that the hacking organization APT-C-39 (CIA), which refers to the US' Central Intelligence Agency, has extensively exploited 0day vulnerabilities in its cyber espionage operations against China and other nations. In 2024, APT-C-39 targeted key units related to cutting-edge technologies in China's aviation, aerospace and materials science sectors, stealing sensitive technological information and research data.

In 2024, evidence of APT-C-39 (CIA) targeting research and defense-related objectives in China was captured. It used a trojan program distributed through the server of a domestic security vendor's office application to conduct infiltration attacks and exfiltrate data from client devices, the report said. 

"The political forces behind APT organizations are the true masterminds driving their cyberattack activities," Bian Liang, an expert from 360 Digital Security Group's advanced threat research institute, told the Global Times on Tuesday.

In 2024, APT organizations from North America primarily targeted China's defense industry and cutting-edge technology sectors for espionage, indicating that the political forces behind them are more focused on competing with China in advanced military and technological fields, the expert said. 

In January, the National Computer Network Emergency Response Technical Team Center of China (known as CNCERT) released two investigative reports, exposing two recent cyberattacks by US intelligence agencies that targeted major Chinese technology firms to steal trade secrets.

In one case, the CNCERT reports revealed that since August 2024, an advanced materials research institute in China has reportedly been targeted by cyberattacks suspected to be orchestrated by US intelligence agencies. Additionally, a large high-tech enterprise specializing in smart energy and digital information has reportedly been under similar attacks since May 2023.

The US has masterminded cyberattacks for a long time, and while the US frequently accuses other nations of internet espionage, it continues to conduct cyberattacks and hacking operations on a global scale without pause, Li Yan, director of Institute of Technology and Cybersecurity at China Institutes of Contemporary International Relations, told the Global Times.

At the same time, "the US has been distorting right and wrong, portraying itself as a victim in an attempt to achieve its goal of confronting and suppressing China," Li said. 

Following the US' hype of the so-called "Volt Typhoon" false narrative to discredit China in the first half of 2024, the US fabricated another so-called "hacker group associated with the Chinese government" it called "Salt Typhoon" at the end of 2024 to promote the "Chinese cyber threats" narrative.

Commenting on US sanctions against relevant Chinese company and citizen accused of being involved with "Salt Typhoon" at a regular press briefing on January 22, Mao Ning, a spokesperson for the Chinese Foreign Ministry, said that China opposes the accusations made by the US administration without any convincing evidence and their abuse of sanctions against China.

"In fact, the US has conducted large-scale and systemic cyberattacks on China for years. We have made very clear our concerns and opposition on this for many times," Mao said. "The US needs to stop abusing sanctions."