Chinese hackers have ramped up attacks on tech firms, telcos and governments with "increasingly bold" and specialised tactics.
That's according to CrowdStrike, which warned today that the nation's cyber-espionage capabilities reached an "inflection point" in 2024.
The cybersecurity firm's 2025 annual threat report claimed that intrusions linked to China had soared 150% and identified five new groups.
CrowdStrike's global threat report, released Monday, said Chinese groups have responded to increased international tracking by "redoubling" obfuscation operations, in line with the government's cyber strategy to influence geopolitics and social movements in southeast Asia.
"China-nexus targeted intrusion operations are marked by increased OPSEC and specialization. Adversaries are pre-positioning themselves into critical networks and are supported by industry networking and larger ecosystems, which include shared tooling and training pipelines supplying them with sophisticated malware and tradecraft." – CrowdStrike 2025 Global Threat Report

It found China-linked intrusions had risen 50% in the most commonly targeted sectors, tech, telco and government, and jumped 200-300% in the financial, media, manufacturing and engineering sectors.
The cybersecurity company also detailed new groups including Liminal Panda, Locksmith Panda and Vault Panda with "extensive knowledge of telco networks" and a focus on using web-facing applications to access tech companies, particularly in Taiwan, Indonesia and Hong Kong.
Chinese hackers have been active
The warning comes a few days after Singapore publicly called out Chinese hackers for the first time, with Home Affairs Minister K Shanmugam warning the public about attacks linked to the UNC3886 group, though later saying that naming the country linked to the group was "not in our interest at this point in time."
Also in July, the US Justice Department indicted two hackers working for China's Ministry of State Security for their involvement with the Hafnium group, which used Microsoft Exchange vulnerabilities to target networks around the world in 2020 and 2021.
Microsoft also warned that Chinese groups, including Storm-2603, had been exploiting the critical SharePoint vulnerabilities disclosed last month to deploy Warlock ransomware.
CrowdStrike said Chinese groups were "pre-positioning themselves into critical networks" and leveraging the country's broad cyber ecosystem to share tooling and training pipelines, likely helped along by the Chinese Communist Party's investments in university cyber talent and industry networking.