Chinese hackers launch major cyberattack campaign against businesses across the world


  • When SentinelLABS was targeted, the researchers set out looking for more victims
  • They found 75 organizations around the world, in different industries
  • The researchers believe China may be positioning for conflict, in cyberspace or elsewhere

Chinese hackers have been targeting companies across the world for roughly a year now, and have managed to compromise at least 75 organizations - although the actual number of victims could be a lot bigger.

Cybersecurity researchers at SentinelLABS were alerted to the campaign after their own infrastructure was targeted. In their analysis, they explain that after spotting this failed breach attempt, they started looking for more victims, tried to identify the attackers, and set out to determine when the campaign started.

They concluded that the earliest evidence of the campaign was in June 2024, which means that the attacks were going on for approximately a year.

Preparing for war

They attributed the attacks to three China-linked threat actor collectives: APT15 (AKA Ke3Chang or Nylon Typhoon), UNC5174, and APT41.

The first of these is known for targeting telcos, IT services, and government sectors, while UNC5174 is known to have ties to China's Ministry of State Security and has apparently been involved in global espionage and access-resale campaigns in the past as well.

Finally, APT41 was previously seen using ShadowPad, a piece of malware that was also spotted in these attacks.

The cyberespionage campaign targeted a wide range of victims, including an IT services and logistics company that manages hardware needs for SentinelOne employees, a leading European media organization (targeted for intelligence gathering, apparently), and a South Asian government entity providing IT services and infrastructure across multiple sectors.

SentinelLABS says most of the victims are operating in manufacturing, government, finance, telecommunications, and research sectors - all essential, critical infrastructure organizations.

This led the researchers to conclude that the attackers were most likely positioning for a potential conflict, whether in cyberspace or military.

"They might be going after government organizations for more direct espionage," SentinelOne threat researcher Tom Hegel told The Register.

"And then major global media organizations — maybe it's silencing certain topics or disrupting them for reporting on certain things. If they are sitting on their adversaries' networks — media organizations, or government entities or their defense companies — they are able to flip a switch if conflict were to occur."


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
