Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes:
Note: The analysis cut-off date for this report was October 22, 2024.

Authors: Piotr Malachiński & World Watch team
Between 2023 and 2024, our World Watch Cyber Threat Intelligence team issued over 35 advisories and updates concerning zero-day vulnerabilities exploited by Chinese threat actors. These account for 41% of all advisories with a high or very high threat level (equal to or above 4/5 based on our scoring scheme), representing a substantial portion of the critical threats potentially facing our customers. Whether aimed at directly compromising organizations for intelligence gathering or broadly infecting edge devices to build botnets or operational relay box (ORB) networks, the exploitation of vulnerabilities by Chinese state-linked threat actors underscores their considerable offensive capabilities.
The existence of state-sponsored threat groups operating under the Chinese state's direction has long been well documented. Since Mandiant's groundbreaking 2013 report exposing APT1, numerous other Advanced Persistent Threat (APT) groups have been linked to Chinese government entities, particularly the People's Liberation Army (PLA) and the Ministry of State Security (MSS).