The cybersecurity company analyzes the rise of this cyber threat targeting critical entities since 2019.

On October 31, 2024, British cybersecurity company Sophos published a report on cyberattacks conducted by Chinese state-backed groups against its firewalls. Over the past five years, the firm’s X-Ops division has identified numerous attacks using botnets, novel exploits, and custom-made malware. According to the cybersecurity company, the most significant campaigns were led by Advanced Persistent Threat (APT) groups APT31, APT41/Winnti, and Volt Typhoon.

To detect these attacks, Sophos included additional code in its firewall updates to identify attempted breaches. Through this, X-Ops was able to trace back to several research institutions located in Sichuan, central China. These institutions were tasked with identifying vulnerabilities, which they then shared “with entities associated with the Chinese government,” including state-sponsored cybercriminal groups.

X-Ops also outlines a threefold strategic evolution of these state actors. Initially, prior to 2021, they conducted “widespread and indiscriminate” attacks. However, they shifted to “highly targeted offensives against specific entities” in critical sectors. Sophos highlights sectors like nuclear energy, military, telecommunications, state security agencies, and central governments, particularly in the Asia-Pacific region.

Moreover, these state-backed groups have significantly increased their levels of stealth and persistence, notably through the use of living-off-the-land attacks. They have also introduced measures to bypass cyber-protection protocols and have reduced their digital footprints to hinder OSINT investigations.
