Global critical infrastructure faced a significant uptick in cyberattacks orchestrated by China-backed nation-state actors throughout 2024. These cyber intrusions, marked by increased sophistication and targeted precision, have raised alarms among cybersecurity experts and international authorities. The escalation underscores the growing prowess of China in offensive cyber operations, posing heightened risks to various industries worldwide.
Cyberattacks in previous years, while persistent, lacked the specialized targeting and advanced techniques seen in 2024. Earlier incidents typically involved broad-based intrusions without a distinct focus on specific sectors, indicating a shift towards more calculated and strategic cyber warfare tactics by China-linked groups.
How Have China-Linked Cyberattacks Evolved?
China-associated cyberattacks have advanced in both complexity and specialization, with threat groups honing their skills to target specific industries. CrowdStrike identified seven new China-linked threat groups in 2024, five of which demonstrated unique specializations and enhanced capabilities. Among these, Liminal Panda, Locksmith Panda, and Operator Panda focused on telecom networks, employing sophisticated tools and techniques to breach targeted systems.
“After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” remarked Adam Meyers, a senior vice president at CrowdStrike.
Which Sectors Are Most Affected?
Financial services, media, manufacturing, industrials, and engineering sectors experienced the most significant increase in China-related cyber intrusions, with a staggering 150% rise compared to 2023. These sectors saw triple or quadruple the number of attacks, indicating a focused effort to compromise industries vital to economic stability and technological advancement.
What Are the Implications for Global Security?
The persistent access sought by China-linked threat groups poses substantial threats to global security infrastructure.
“What used to be smash-and-grab — they would come in, steal what they could and leave — now they want enduring and persistent access,” explained Meyers, highlighting the shift towards sustained network infiltration. This approach could undermine critical services and impede responses during international conflicts, such as potential tensions over Taiwan.
China’s offensive cyber operations continue to focus primarily on intelligence gathering. However, the increasing capability and intent to disrupt critical infrastructure networks illustrate a broader strategic objective to constrain the U.S. and its allies’ operational effectiveness in times of conflict.
Organizations must enhance their cybersecurity defenses and adopt proactive measures to detect and mitigate these sophisticated threats. Emphasizing collaboration and information sharing among international partners will be crucial in countering the evolving tactics of China-backed cyber adversaries.