
CrowdStrike warns of critical turning point in Chinese hacking


CrowdStrike’s latest “Global Threat Report” has identified China as the primary nation-state threat, with a significant 150% increase in China-nexus activity observed across all industry sectors. This report, released by the security vendor on Thursday, delves into the emerging threats and threat actors from the previous year, highlighting the ongoing cybersecurity challenges posed by the People’s Republic of China (PRC).

The heightened focus on China’s cyber capabilities comes in the wake of last year’s compromise of telecommunications providers by PRC-backed threat group Salt Typhoon. Despite efforts to mitigate the threat, Recorded Future discovered ongoing threat campaigns targeting Cisco devices as recently as January. This continuous activity underscores the persistent danger posed by Chinese cyber actors.

According to CrowdStrike’s report, Chinese nation-state capabilities hit an “inflection point” in 2024, with espionage activities across various sectors on the rise. The report noted a staggering 150% increase in threat activity from PRC-linked actors across all sectors, with specific industries like engineering, financial services, industrial, manufacturing, and media experiencing even higher spikes ranging from 200% to 300%.

Even among the top sectors targeted by China-nexus adversaries — government, technology, and telecommunications — there was a notable 50% increase in activity in 2024 compared to the previous year. Additionally, these adversaries have been responding to disruption efforts by government, law enforcement, and researchers by intensifying efforts to conceal their operations, using tactics like ORB networks.

Adam Meyers, CrowdStrike’s senior vice president of Counter Adversary Operations, emphasized the alarming advancements in China’s cyber capabilities, placing them on par with other global powers. Meyers underscored the political ambitions driving China’s cyber initiatives and the need for vigilance in the face of escalating cyber threats.

While China’s broader espionage and influence objectives remain unchanged, the report highlighted President Xi Jinping’s 2014 directive for China to become a “cyber power” and the CCP’s strategy outlined in the 14th Five-Year Plan. The motivations behind China’s cyber activities appear to be driven by a desire for regional influence, including the contentious issue of Taiwan’s reunification, which could potentially escalate tensions with the United States.

Notably, CrowdStrike identified seven new China-nexus threat actors, each with distinct specializations targeting telecom networks, the financial sector, and government entities in specific regions. The report also highlighted the increasing trend of voice phishing (vishing) and spam bombing, as well as a decrease in breakout time, the time threat actors need to begin moving laterally once inside a network.

The rapid evolution and sophistication of China’s cyber capabilities underscore the urgent need for enhanced cybersecurity measures, real-time threat detection, and proactive threat hunting to mitigate the growing risks posed by nation-state actors like China. As the cybersecurity landscape continues to evolve, organizations must remain vigilant and adaptive in their defense strategies to counter these persistent and evolving threats.
