In recent years, the United States has been the target of multiple increasingly sophisticated attacks from advanced persistent threat (APT) actors originating from China. These malicious actors have been observed attempting to acquire sensitive intellectual property, personal data, and government secrets. While the US has long been familiar with the threat of Chinese cyber espionage, the recent increase in APT activity targeting US entities signals a potentially larger effort to gain control of important sectors of critical infrastructure.
Over the past several years, Chinese APT groups have increasingly targeted US technology and defense companies. In 2017, the group associated with a Chinese intelligence and security organization known as APT10, also known as menuPass, penetrated multiple private companies and government organizations in the US and other countries, stealing sensitive information. This group is believed to be responsible for the theft of hundreds of terabytes of data related to military technology, satellite communications, and other technology sectors. The group continues to target US technology companies and government organizations.
Other groups have also been observed targeting US infrastructure. For example, the recently discovered APT41, an advanced state-sponsored group supported by the Chinese government is believed to be linked to the theft of billions of dollars’ worth of intellectual property and other sensitive data. The group has targeted the healthcare and telecom sectors in the US, as well as multiple entities in multiple countries.
In addition to targeting government and private entities, Chinese APT groups are also believed to have gained access to US critical infrastructure companies, such as power plants, water systems, and oil and gas companies. These advanced threats have been used by Chinese APT groups to gain access to sensitive data, as well as to implant reconnaissance malware and other malicious software tools. The Chinese government has denied any involvement in these activities, but evidence indicates that they have provided financial and logistical support to APT groups targeting US infrastructure.
These Chinese APTs have established significant beachheads in US infrastructure, and their activities have the potential to cause significant disruption and economic damage. To protect against these threats, organizations should ensure that their networks and systems are properly configured and updated with the latest cyber security defenses. Additionally, organizations should monitor their networks for signs of malicious activity and promptly investigate any suspicious activity. Finally, it is imperative that organizations remain vigilant and take all necessary steps to protect their networks, data, and systems from malicious actors.
