China was targeted by more than 1,300 attacks from advanced persistent threat (APT) groups in 2024, the Global Times reported, citing a report from the Chinese company 360 Security Group.
The cyber attacks were directed at 14 key sectors in China, including state institutions, educational and scientific organizations, the military-industrial complex, and the transport sector. Thirteen groups from Southern, Southeast, and East Asia, as well as North America, were identified as being involved in these attacks.
APT groups specialize in cyber surveillance to steal confidential data or conduct strategic sabotage. In 2024, Chinese state structures, particularly units related to diplomacy, marine operations, and transport management, were the primary targets of these attacks. The aim of the attackers was to obtain information about China’s diplomatic strategies and positions on key international issues.
Furthermore, attacks were also directed at universities and research centers related to the defense industry, international relations, and advanced technologies. The report highlighted the potential threats posed by such attacks, which could impact military intelligence, penetrate military facilities, disrupt control systems, and disseminate false commands.
One emerging target of cyber attacks was the electric vehicle production sector, as APT groups sought vulnerabilities in this rapidly growing industry. Additionally, there was an increase in attacks on Chinese software systems used across various organizations, including state institutions.
Hackers have increasingly been using supply chain attacks, compromising supplier software to bypass the protective measures of targeted companies. A successful compromise of such software could have far-reaching consequences due to the widespread use of Chinese IT systems in the business environment, according to 360 Security Group.
Notable APT groups include APT-C-01 (Poison Ivy) from East Asia, targeting state and educational sectors, and APT-C-00 (Ocean Lotus) from Southeast Asia, targeting government agencies and scientific institutions. Two new groups were identified in 2024: APT-C-70 (Rhino Unicornis) from South Asia and APT-C-65 (Golden Pothos) from East Asia.
The report also highlighted the activities of APT-C-39, associated with the US CIA, which actively utilized 0-day vulnerabilities for cyber espionage.