
China faced more than 1,300 cyberattacks orchestrated by advanced persistent threat (APT) groups in 2024, according to a Global Times report citing research from 360 Security Group.
The study reveals that these cyberattacks targeted 14 critical industries across China, with government agencies, academic and research institutions, the defense sector, and transportation infrastructure bearing the brunt of the assaults. The perpetrators include 13 APT groups operating from South, Southeast, and East Asia, as well as North America.
APT groups are known for conducting highly sophisticated cyber intrusions, often with the intent of exfiltrating classified data or engaging in strategic sabotage. In 2024, their primary targets were Chinese government entities, particularly those involved in diplomatic affairs, maritime operations, and transportation management. According to 360 Security Group, the attackers sought to gain intelligence on China’s diplomatic strategies and positions on key international issues.
Universities and research institutions affiliated with defense industries, international relations, and cutting-edge technology also found themselves in the crosshairs. The report underscores the far-reaching implications of these threats, warning that such attacks not only compromise military intelligence but could also lead to intrusions into military facilities, disruption of command systems, and the dissemination of deceptive instructions.
A notable shift in attack patterns has been observed in the electric vehicle (EV) sector, which has seen rapid growth in recent years. APT groups have increasingly sought vulnerabilities within this industry, signaling a new frontier in cyber espionage.
Additionally, there has been a surge in attacks targeting Chinese software systems used across various sectors, including government institutions. The report also highlights the growing prevalence of supply chain attacks, where hackers compromise software vendors to circumvent the security defenses of their ultimate targets. 360 Security Group warns that a successful breach of such software could have far-reaching consequences, given the widespread adoption of Chinese IT systems in the corporate landscape.
Among the most prolific threat actors identified are:
- APT-C-01 (Poison Ivy) from East Asia, which primarily targets government and educational institutions.
- APT-C-00 (Ocean Lotus) from Southeast Asia, focusing on state agencies and scientific research centers.
- Two newly uncovered groups in 2024: APT-C-70 (Rhino Unicornis) from South Asia and APT-C-65 (Golden Pothos) from East Asia.
Particular attention is given to APT-C-39, which has alleged ties to the U.S. CIA. This group has been actively exploiting zero-day vulnerabilities to conduct cyber espionage operations in China, specifically targeting leading research institutions specializing in aviation, aerospace technologies, and materials science. Investigators noted that APT-C-39 deployed Trojan malware via the servers of a Chinese software manufacturer, enabling deep infiltration into critical systems.
The report underscores that the use of zero-day vulnerabilities remains alarmingly prevalent, with attack vectors increasingly shifting toward mobile platforms. Simultaneously, the rapid evolution of artificial intelligence in 2024 has introduced new cybersecurity challenges, necessitating stricter regulatory oversight and enhanced security frameworks to mitigate emerging threats.