Chinese cyber espionage expected to intensify this year

With its economy collapsing, China will most likely launch more competitive cyberespionage campaigns aimed at stealing foreign intellectual property over the next year, according to a new report.

According to a white paper by risk intelligence firm Cyjax, the country’s economy is still suffering from the effects of Covid-19, its production industry is in decline, and its real estate sector is overleveraged, thanks to a competitive borrowing strategy. As a result, Cyjax predicts, it will most likely intensify its current practice of borrowing intellectual assets from Western companies, employing subsidies and non-tariff barriers to create companies and then creating a domestic market to give them a global advantage.

“China is a much more complex and nuanced territory than is usually portrayed. Their internal pressures will most likely lead to increased cyberespionage activity, rather than slowing it,” said Ian Thornton-Trump, CISO at Cyjax.

“The PRC’s technique in cyberspace has been to use it to advertise its advertising interests, extract technologies from Western corporations, and create a protected domestic market for those industries, thereby giving them an advantage in the global marketplace.”

The report highlights a number of threat groups that Cyjax expects to increase their activity over the next year.

The Gallium group, which has been active since at least 2012, is part of Operation Soft Cell, which targets global telecommunications and Microsoft Exchange servers. The group targets and steals intellectual assets from government, financial, and telecommunications entities in Southeast Asia, Europe, Africa, and the Middle East. Operation Soft Cell has also been connected to the infamous APT41, a Chinese state-sponsored espionage organization that has been active since 2012.

The more recently discovered Sandman group targets telecommunications providers in the Middle East, Western Europe, and South Asia. It uses a new backdoor that abuses the LuaJIT platform to spread malware. Once it gains access to a system, the group carries out a variety of activities, including the creation of a limited number of files and directories and the installation of its traditional Lua-based backdoor.

Mustang Panda, on the other hand, is active against countries with which Beijing is in conflict and, in particular, against several Southeast Asian governments. It has been linked, for example, to a cyberattack that managed to compromise a Philippine government organization for five days in August last year. It also took aim at the Taiwanese government and diplomats in December 2023.

Finally, Cyjax anticipates increased activity from Volt Typhoon, which has reportedly been operational since 2021 and is responsible for a slew of high-profile attacks. It appears to target critical infrastructure organizations for intelligence-gathering purposes, at the request of the Chinese government. It uses living-off-the-land binaries to remain undetected.

Last October, the intelligence chiefs of the Five Eyes countries (the United States, the United Kingdom, Australia, New Zealand, and Canada) issued a joint warning about the group, which they said posed an “unprecedented” threat, stealing secrets, especially in the fields of artificial intelligence, quantum computing, and artificial biology.

Thornton-Trump says, “With greater domestic strength of the country and how they relate to its cyber strategy, we can plan for greater defenses against the People’s Republic of China’s cyberespionage.”
