What are Chinese APT groups up to?

By Prayukth K V
August 5, 2022

In the last 48 hours, Chinese threat actors APT 27 and 41 have shown extraordinary levels of activity. The fallout from the recent geopolitical events continue to define the sequence of events in the region.  

APT 27 which is a decade-old threat actor, was at the forefront of the latest spike in cyberattacks on Taiwan. The targets were chosen to create a sense of panic and to showcase the ability of Chinese threat actors to strike anywhere at will. 

Here is the latest on some of the Chinese threat actors we are tracking:

  • APT 27, ostensibly acting on its own to protest Pelosi’s visit, has targeted many highly visible targets in Taiwan such as local  7/11, railway and mass transit stations, cafeteria, sporting events, and banking infrastructure. Some of the attacks are being routed via Russia  
  • APT 27 is already using watering Holes, Spear Phishing, Remote Code Execution, Living off the Land Attack, Rootkit Attack, Supply Chain Attack, and brute force access to target internet users and enterprises. APT 27’s footprint thus far was restricted to the APAC region (as a focus zone).  
  • Taiwanese armed forces are also being targeted through access denial attacks on key connected hardware  
  • One unnamed group from Russia is also participating in/supporting these attacks  
  • Honeypots in South Asia have not reported a significant rise in inbound scans yet;  
  • DDoS attacks of this magnitude have not been recorded in Taiwan since 2019. In terms of volume, the attacks on South East Asia itself have already generated over 35,000 GB of data (Taiwan and Vietnam are the most attacked countries)  
  • China has ordered at least one other APT to indulge in revenge attacks; China is also keeping an eye on Democratic party headquarters in various states   
  • Honeypots in North America, Western Europe, Taiwan, and Vietnam have reported a 70 percent rise in incoming scans from multiple China-based players (short-term data exfiltration and long-term reconnaissance seem to be on the agenda)   
  • APT 41 China’s frontline APT has already been activated by the Chinese government 
  • APT 27 could also trigger disinformation (Psyop) campaigns in the next few weeks to create a sense of unrest and fear in Taiwan  
  • Some of the missions that were assigned to APT 40 and 41 have not yet been completed and may have even been abandoned. This has become a new feature of Chinese APT groups wherein they take up multiple missions but complete only a few 

Industrial security on your mind? Find out how your IoT, OT, and IoT deployments can benefit from our converged cybersecurity solution: Request Demo

Sign up for our threat intelligence feeds and experience the power of our global honeypot network: Sign up now.

Find out what is lurking in your network. Sign up for our threat assessment program.  


Key Points

Discover more with topics that matter to you most.

Get the latest news and insights beamed directly to you


Key Points

Get the latest news and insights beamed directly to you


Read More

Protecting your critical assets is only a few steps away

Scroll to Top