Report details onslaught of cyberattacks

More than 1,300 advanced persistent cyberattacks targeting China were detected last year, with more than half aimed at the Chinese government institutions and education sector, according to a newly released research report.

Domestically developed software systems in China have become key targets, the 2024 Advanced Persistent Threat Report published by Chinese cybersecurity firm 360 said.

The findings follow extensive cyberattacks on Chinese artificial intelligence startup DeepSeek at the end of January. The internet protocol addresses involved were all traced to the United States, according to the report.

The report said cyberspace has become a critical battleground in regional conflicts, with global advanced persistent threat organizations maintaining high levels of activity.

An advanced persistent threat is a prolonged, targeted cyberattack, often orchestrated by skilled hackers, typically state-sponsored, aiming to infiltrate and maintain access to a network for espionage or data theft.

China has long been a primary target for advanced persistent threat organizations, the report said. More than 1,300 attacks targeting China were recorded last year, with the attacking organizations primarily originating from South Asia, Southeast Asia, East Asia and North America.

The attacks targeted 14 key industries in China, with government institutions accounting for 33 percent and the education sector 20 percent. Other heavily targeted sectors included scientific research, national defense and military industries, and transportation.

"Government institutions and educational units have always been primary targets for advanced persistent threat groups," said Bian Liang, a cybersecurity expert at 360.

Attackers target diplomatic and overseas embassy institutions to steal information on the latest diplomatic strategies and positions on major international issues, Bian said, helping the political forces behind them gain an advantage in geopolitical conflicts.

"In the education sector, most of the affected universities have backgrounds in aviation and military industries or undertake related national research projects, meaning the attackers are essentially targeting China's national defense and technological development," he said.

Meanwhile, cyberattacks targeting national defense and military-related objectives primarily focus on aviation, aerospace, shipbuilding and weapons industries, the report said.

"These cyberattacks are not only capable of espionage to gather military intelligence and disrupt enemy network communications, but they can also control military facilities, paralyze enemy command and control systems, and forge and transmit false commands," Bian said. This capability makes cyber warfare an indispensable part of modern military conflicts, he added.

The report also highlighted emerging cyber threats in the automotive manufacturing, new energy and telecommunications sectors.

Domestically developed software systems in China have become major targets as more Chinese institutions replace foreign products with domestic alternatives, the report said.

Bian warned that domestically developed software has a broad customer base among Chinese enterprises and institutions, meaning penetration of a successful supply chain by an advanced persistent threat organization could have severe consequences.

The report also pointed to the risks posed by artificial intelligence large models to cybersecurity, noting a surge in their use and influence in 2024.

In late January, DeepSeek, whose AI chatbot has been described as a challenger to ChatGPT, said on its website that its AI model services had been subjected to large-scale malicious attacks, preventing many users from logging in, registering or engaging in conversations.

A January report by China Media Group cited Wang Hui, a cybersecurity expert at Chinese security company Qi An Xin Group, who said the IP addresses involved in the DeepSeek attacks were located in the United States.

Wang said the wave of cyberattacks included brute-force attacks aimed at cracking users' passwords to obtain private information.