Over 1,300 overseas APT attacks target China's 14 key sectors in 2024: cybersecurity report

Source: mk  Time: 2025-02-22 17:02:32

Cyber security  Photo: VCG


An annual report from a Chinese cybersecurity firm revealed on Tuesday that over 1,300 advanced persistent threat (APT) attacks have targeted 14 key sectors in China in 2024. Among these, government agencies, education, scientific research, national defense and military industry, and transportation are the five most heavily affected sectors.

The APT organizations behind these attacks are primarily 13 organizations originating from South Asia, Southeast Asia, East Asia, and North America, the report by 360 Security Group sent to the Global Times showed on Tuesday.

Attackers engage in cyber intrusions to steal sensitive data or conduct strategic sabotage, serving the political, military, or economic purposes of their sponsors, 360 Security Group told the Global Times. 

In 2024, Chinese government agencies emerged as the primary target of foreign APT organizations. Functional units related to government agencies, such as diplomacy, maritime affairs, and transportation management, were the main targets of APT attacks, according to the report. 

APT organizations targeting diplomatic entities aim to collect information on China's latest diplomatic strategies and stances on key international issues, enabling their sponsors to gain a competitive edge, the cybersecurity company told the Global Times. 

In the education sector, institutions with a background in national defense and military industry, international relations research, and technology-focused universities were key targets for APT organizations, the report said. 

The cybersecurity company warned that these cyberattacks not only target military intelligence and disrupt communications but also pose risks of infiltrating military facilities, paralyzing command and control networks, and faking and disseminating false directives. This capability makes cyber warfare an indispensable part of modern military conflicts.

Other prominent features in the report showed that in recent years, China's new-energy vehicle industry has emerged rapidly, and APT organizations have increasingly set their sights on this sector. 

As China's innovation and localization processes continue to advance, the security barriers in its cyberspace are being strengthened. APT organizations have shifted their focus to attacking domestic software systems as a breakthrough point, launching supply chain attacks, according to the report.

With the promotion of the systematic construction of cybersecurity in China, enterprises and institutions in China are gradually strengthening their own cybersecurity barriers. APT organizations have turned to targeting domestic software systems as a launching pad for attacks, exploiting the permissions of vendor software systems within the target network to bypass the network defenses of the attack targets and achieve their attack objectives. 

"A successful supply chain breach by APT organizations can have widespread repercussions, given the extensive adoption of domestic software systems among Chinese enterprises and institutions," the 360 Security Group said. 

Among the 13 identified APT organizations, the most active are APT-C-01 (Poison Ivy), which originates from East Asia and targets China's government, education, and transportation sectors, and APT-C-00 (Ocean Lotus) from Southeast Asia, which targets government agencies, education, and scientific research.

In 2024, two new APT organizations were identified: APT-C-70 (Rhino Unicornis) from South Asia and APT-C-65 (Golden Pothos) from East Asia.

The report also revealed that the hacking organization APT-C-39 (CIA) has extensively exploited 0day vulnerabilities in its cyber espionage operations against China and other nations. In 2024, APT-C-39 targeted key units related to cutting-edge technologies in China's aviation, aerospace, and materials science sectors, stealing sensitive technological information and research data.

In 2024, evidence of APT-C-39 (CIA) targeting research and defense-related objectives in China was captured. It used a trojan program distributed through the server of a domestic security vendor's office application to conduct infiltration attacks and exfiltrate data from client devices, the report said.

In 2024, the use of 0day vulnerabilities by APT organizations in their attacks remained high. In addition to 0day vulnerabilities, a significant number of 1-day and n-day vulnerabilities were also exploited, with 0day vulnerabilities targeting mobile platforms continuing to show an upward trend, the report said.

The rapid advancement of large AI models in 2024 has reshaped cyberspace, bringing both technological breakthroughs and regulatory challenges. The report highlighted the need to address risks and governance issues associated with these AI-driven transformations.