China-linked attackers exploiting trusted relationships

CrowdStrike

By Dylan Bushell-Embling
Thursday, 22 February, 2024


China-nexus adversaries are exploiting trusted third-party relationships in attempts to deploy malicious implants and gain initial access to targeted systems, according to a new report from CrowdStrike.

The report comes in the wake of warnings from the Australian Cyber Security Centre that state-sponsored cyber actors linked to China have compromised US critical infrastructure and that Australian infrastructure is also likely to be vulnerable.

According to CrowdStrike’s report, two adversaries linked to China have been consistently exploiting trusted relationships through supply chain compromises and actor-on-the-side or actor-in-the-middle attacks on important infrastructure.

The report also warns that adversaries linked to China, Russia and Iran are highly likely to conduct mis- or disinformation operations aimed at influencing the more than 40 democratic elections planned worldwide in 2024.

CrowdStrike Head of Counter Adversary Operations Adam Meyers said the findings demonstrate that state-sponsored attackers represent a growing threat.

“Over the course of 2023, CrowdStrike observed unprecedented stealthy operations from brazen e-crime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe,” he said.

“Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations.”

The report also found that the speed of cyber attacks is accelerating at an alarming rate, with the average breakout time decreasing in 2023 from 84 minutes to just 62. Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools, the report states.

Interactive intrusion activity accounted for 60% of attacks, and 75% of attacks to gain initial access did not rely on malware but rather social engineering, supply chain targeting and the use of access brokers, CrowdStrike said.

During the year there was a 75% increase in successful cloud attacks and a 110% year-on-year increase in cloud-conscious cases, reflecting the growing role of the cloud as a battleground for attacks.




  • All content Copyright © 2024 Westwick-Farrow Pty Ltd