A cybersecurity report for 2023 released by a Chinese company on Thursday said that global advanced persistent threat (APT) activities remain at a severe level. APT organizations are primarily distributed in countries and regions such as the US and India, with the US continuing to pose the main threat to global cybersecurity.
The report, released by Antiy Labs, one of China's foremost cybersecurity companies, summarized the distribution and activity of global APT organizations in 2023. The US dominates the 556 APT organizations globally, as well as the highest level of attacks, known as A2PT attacks. APT organizations that pose a threat to China and neighboring countries also operate in India and Taiwan island.
Li Bosong, vice director of the Antiy security committee, told the Global Times that the US not only attacks important information systems and critical information infrastructure in other countries but also invades the personal communication devices of important individuals.
In the example of intrusions into the Apple phones of key personnel in other countries, the US has attack modes based on services such as iMessage and FaceTime. It also uses “quantum systems” to insert temporary attack traffic when individuals access website content or use app network services on their phones.
The report shows that the US also shares the stolen data intelligence with other members of the Five Eyes – an intelligence alliance between the US, UK, Australia, Canada and New Zealand – and provides guidance on empowering attacks against China. The US has also been continuously upgrading its attack capabilities and methods.
In addition, the US has long tolerated the uncontrolled proliferation of commercial military tools such as the Cobalt Strike attack platform. This platform has been used by multiple global APT attack organizations such as Lotus Blossom and X Elephant in attacks against China, posing a serious threat to China’s security, according to the report.
Li told the Global Times that from 2023 to early 2024, further details of attack activities by A2PT organizations were exposed. For example, US intelligence agencies bribed Dutch engineers to deploy the Stuxnet virus in Iran during the installation and maintenance of industrial systems. “When the US aims at high-value protected targets in other countries with physical isolation measures, they often use manpower, electromagnetic means, and other methods to assist in network attacks,” Li said.
The Antiy report also said that targeted ransomware attacks became increasingly diversified in 2023, with a growing number of attacks on the aerospace industry.
China’s aerospace industry is developing rapidly, especially in the areas of civilian drones and civilian space exploration. Li warned that in light of this, relevant departments and companies must strengthen prevention measures to effectively safeguard the security of technological assets, business assets, and data assets.