A recent cybersecurity report for 2023, published by a leading Chinese cybersecurity firm, highlights the persistent and severe nature of global advanced persistent threat (APT) activities. According to the report from Antiy Labs, a prominent cybersecurity company in China, APT organizations are predominantly located in countries such as the United States and India, with the US identified as the primary source of the global cybersecurity threat.
The comprehensive report provides insights into the distribution and activities of APT organizations worldwide in 2023. Among the 556 APT organizations identified globally, the US stands out for its dominance and engagement in high-level attacks, known as A2PT attacks. Additionally, APT groups posing threats to China and neighboring regions are also active in countries like India and Taiwan.
Unraveling the Democrats’ Shift in Hampshire Primary Calendar
Li Bosong, the vice director of the Antiy security committee, emphasized that the United States not only targets critical information systems and infrastructure in other countries but also infiltrates the personal communication devices of key individuals. For instance, the report cites instances of US attacks on Apple phones belonging to important personnel in various countries, utilizing modes such as iMessage and FaceTime. Furthermore, the US employs “quantum systems” to inject temporary attack traffic when individuals access website content or use app network services on their phones.
Furthermore, the report reveals that the US shares stolen data intelligence with fellow members of the Five Eyes intelligence alliance, comprising the US, UK, Australia, Canada, and New Zealand. This collaboration includes providing guidance on enhancing attacks against China while continuously upgrading attack capabilities and methods.
Moreover, the US is noted for its tolerance of the unregulated proliferation of commercial military tools like the Cobalt Strike attack platform. This platform has been utilized by multiple global APT attack organizations in operations against China, posing a significant security threat.
Li Bosong highlighted additional details of A2PT attack activities from 2023 to early 2024, including instances where US intelligence agencies incentivized Dutch engineers to deploy the Stuxnet virus in Iran during the installation and maintenance of industrial systems. He noted that when targeting high-value protected targets in other countries with physical isolation measures, the US often employs manpower, electromagnetic means, and other methods to assist in network attacks.
Additionally, the report raises concerns about the increasing diversification of targeted ransomware attacks in 2023, particularly affecting the aerospace industry. With China’s aerospace industry experiencing rapid growth, especially in civilian drones and space exploration, Li stressed the importance of relevant departments and companies strengthening prevention measures to safeguard technological, business, and data assets effectively.