Criticality of Chinese cyber threat actors has increased in recent years: Mandiant

The number of cyber attacks by Chinese cyber criminals and their severity have increased in the recent years, said cyber security experts. The increasing attacks on utility and infrastructure services across the US and India have been a growing concern for the cyber security ecosystem, said Mandiant chief executive Kevin Mandia at the m-WISE Mandiant Security conference.

Mandia said the company has tracked severe advancements in the capabilities of these groups, which includes one particular group tagged as UNC4841. UNC4841 is an espionage actor behind a wide-ranging campaign in support of the People's Republic of China.

“The targeting is not just classical government and defence sector or even intellectual property in healthcare and chips manufacturing anymore,” said Mandia.

According to data from Mandiant, the group has already targeted an unspecified number of private and public sector organisations located in at least 16 countries, with almost a third being government entities. Almost 55% of the impacted organisations are in the Americas, followed by 24% in Europe, Middle East and Africa (EMEA) and 22% in the Asia-Pacific region.

“We are seeing increasing targeting of US critical infrastructure and Indian critical infrastructure,” he said, adding that attacks on such infrastructure like the power and transportation sector could disrupt essential services and can have economic effects and delay military responses.

India was the highest attacked country by hackers in Asia and the second-most attacked country globally (after the US) in 2022, according to a report by cybersecurity firm CloudSEK released earlier in the year. The number of cyber attacks on India increased by 24.3% last year. Asia-Pacific remained the most targeted region globally, receiving 20.4% of all attacks in 2021 and 24.1% of all attacks in 2022.

Sandra Joyce, vice president, Mandiant Intelligence, Google Cloud, said these threat actors have now moved to target areas of strategic national interest to countries. While they continue to target military and aerospace entities with malware, over the past couple of years they have also focused on attacking services to increase the impact of attacks.

“We are seeing a fifth of the attacks are now directed towards target propagation by using hi-tech and telecommunication entities,” said Joyce.

They are also targeting chip manufacturing, healthcare, financial services and other national level priority areas for companies.

Experts also said these attacks are increasingly getting harder to trace back to the source as threat actors are using a complex obfuscation strategy allowing them to take remote control of local devices and routers near the attack location.

According to data from Mandiant, almost 22% of recent attacks by the UNC4841 groups have targeted information technology and telecommunication networks.

(The reporter was in Washington DC at the invitation of Mandiant)