CrowdStrike: China hacking has reached 'inflection point'

China is the primary nation-state threat, according to CrowdStrike's latest "Global Threat Report," with a 150% increase in China-nexus activity observed across all sectors.

CrowdStrike's report, published Thursday, is the security vendor's annual study dedicated to its research surrounding emerging threats -- and threat actors -- from the previous year. Front and center this year was the People's Republic of China (PRC), whose cyberthreat capabilities remain top of mind for the U.S. infosec community following the compromise of multiple telecommunications providers by PRC-backed threat group Salt Typhoon last year. Moreover, Salt Typhoon's threat activity continues, with Recorded Future recently identifying a threat campaign targeting Cisco devices that was ongoing as recently as January.

CrowdStrike's report said Chinese nation-state capabilities reached an "inflection point" in 2024, and that the country's espionage activity continued to increase across almost every sector the security vendor tracked. Though the vendor observed a 150% increase in threat activity across all sectors from PRC-linked actors over 2023, the engineering, financial services, industrial, manufacturing and media sectors saw threat activity increases of 200% to 300%.

"Even among the top three sectors China-nexus adversaries most commonly target -- government, technology, and telecommunications -- China-nexus activity increased 50% in 2024 compared to 2023," the report read.

CrowdStrike also observed China-nexus adversaries' increasing response to government, law enforcement and researcher disruption efforts by "redoubling their attempts to obfuscate operations," which includes the use of ORB networks.

Adam Meyers, CrowdStrike's senior vice president of Counter Adversary Operations, said during a press call attended by Informa TechTarget this week that one of the most important and "terrifying" stories in this year's Global Threat Report was China's cyber capabilities reaching a point where the country is on par with other world powers.

"They've invested in these offensive capabilities, and they're up there now with the best of the best," he said. "And that is something that we need to take note of and be very careful about, because they're driven by political ambitions."

Although China's broader espionage and influence goals remain in place, CrowdStrike's report called attention to PRC General Secretary Xi Jinping's calls in 2014 for China to become a "cyber power," the Chinese Communist Party's (CCP's) strategy of national rejuvenation, and other technology priorities outlined in the 14^th Five-Year Plan for 2021 through 2025.

"Throughout 2024, China-nexus adversaries' advancements manifested through increasingly bold targeting, stealthier tactics, and specialized operations," the report read. "The underlying motivation is likely China's desire for regional influence in the nation's near abroad. This includes a desire for the eventual reunification of Taiwan, which may ultimately bring China into conflict with the United States."

Early last year, former FBI Director Christopher Wray and former CISA Director Jen Easterly warned that the Chinese nation-state threat group known as Volt Typhoon was targeting critical infrastructure for the "development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises." In other words, the threat group was laying the groundwork for future destructive attacks.

Similarly, Meyers said these pre-positioning activities are being used in preparation of hypothetical military action against Taiwan.

"They have made it clear that they have the intention of unifying with Taiwan by military force, if necessary. And what we've seen is that in the last year or two [is] we've seen an increase in what has been characterized as pre-positioning, or what I would call operational preparation of the environment," he said. "What that really means is that China is preparing to use these cyber capabilities in order to disrupt critical infrastructure and logistical support infrastructure that might be needed for the warfighter."

CrowdStrike identified seven new China-nexus threat actors, with five having unique specializations. Liminal Panda, Locksmith Panda and Operator Panda target telecom networks; Vault Panda focuses on the worldwide financial sector; and Envoy Panda targets government entities in Africa and the Middle East.