This is your Cyber Sentinel: Beijing Watch podcast.
Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.
Over the past few days, we've seen a significant escalation in Chinese hacking campaigns. Check Point's Director of Threat Intelligence & Research, Lotem Finkelsteen, revealed a new campaign targeting suppliers of manufacturers in sensitive domains in the US and globally. The primary targets include suppliers of chemical products and physical infrastructure components like pipes. This campaign is attributed to a known Chinese threat actor, with the intention of intellectual property theft to better understand the supply chain of the targeted industry[1].
The tactics are aggressive, exploiting one-day vulnerabilities in edge devices such as operational relay boxes (ORBs), virtual private servers (VPS), and poorly secured Internet of Things (IoT) devices. This is reminiscent of the Volt Typhoon cyber espionage campaigns that targeted critical infrastructure and telecommunications organizations in the US and elsewhere in 2023 and 2024.
Meanwhile, Taiwan has been facing an onslaught of cyberattacks. The National Security Bureau reported that government networks experienced a daily average of 2.4 million attacks in 2024, double the number from 2023. These attacks are primarily attributed to Chinese state-backed hackers, targeting critical industries like telecommunications, transportation, and defense supply chains[2].
The US Treasury Department has also been a target. A state-sponsored cyberattack by the Chinese Communist Party (CCP) in early December marks the latest escalation in Beijing’s use of hybrid tactics to undermine strategic competitors. This attack is part of a broader campaign to disrupt military supply lines and hinder an effective US response in case of a potential conflict over Taiwan[3].
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data and private communications of individuals involved in government or political activity[4].
In response, the US Treasury has sanctioned Beijing-based cybersecurity company Integrity Technology Group, Incorporated, for its role in supporting the malicious cyber group Flax Typhoon. This group has been active since at least 2021, targeting organizations within US critical infrastructure sectors[5].
So, what does this mean for us? It's clear that Chinese cyber activities are becoming increasingly sophisticated and aggressive. To protect ourselves, we need to review our customers, vendors, and partners, and see ourselves in the bigger picture. This includes patching vulnerabilities promptly, securing edge devices, and sharing threat information in real time.
Stay vigilant, and until next time, stay secure. This is Ting, signing off from Cyber Sentinel: Beijing Watch.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
