Chinese state-sponsored cyber operations have evolved dramatically, with attack groups demonstrating unprecedented technical sophistication and specialized targeting capabilities, according to a new threat report released by CrowdStrike.
The report reveals a staggering 150% increase in Chinese cyber intrusions across industries in 2024 compared to the previous year. Financial services, media, manufacturing, and engineering sectors experienced three to four times more attacks.
Among seven newly identified Chinese threat groups, five demonstrated advanced specialized capabilities. Three groups - Liminal Panda, Locksmith Panda, and Operator Panda (also known as Salt Typhoon) - specifically targeted telecom networks with distinct tactical approaches.
Salt Typhoon, which orchestrated attacks on U.S. and global telecom providers, remains active. The group was detected on five additional telecom networks as recently as January, according to intelligence reports. The Consumer Financial Protection Bureau (CFPB) has issued a warning to its employees advising them to restrict their cellphone usage due to a cybersecurity breach by Salt Typhoon.
The enhanced capabilities stem from China's sustained investment in developing technical talent. These groups have also refined their stealth tactics, employing operational relay box networks - botnets comprising thousands of compromised devices - to mask their activities.
"What used to be smash-and-grab — they would come in, steal what they could and leave — now they want enduring and persistent access," said Adam Meyers, Senior Vice President at CrowdStrike.
Of particular concern is Vanguard Panda (also known as Volt Typhoon), which targets critical infrastructure including maritime operations, air transportation, and intercontinental travel networks.
While intelligence gathering remains the primary focus of Chinese cyber operations, experts warn these intrusions could serve a strategic military purpose. By maintaining access to critical infrastructure networks, China could disrupt U.S. response capabilities during potential conflicts, particularly regarding Taiwan.
The findings underscore the growing need for enhanced cybersecurity measures and vigilance against sophisticated state-sponsored threats.