The year 2024 saw a rise in nation-state threats led by China, while generative AI continues to boost cyber criminals’ capacity to cause harm.
Cyber attacks by state-backed Chinese hackers rose remarkably in 2024, with increasingly technically competent threat actors targeting both the public and private sectors.
Intrusions into government systems by China-backed hackers rose by 50 per cent compared to 2023, while cyber espionage campaigns targeting all other sectors – such as the media, financial services, and manufacturing – rose by an alarming 150 per cent.
The new figures come from CrowdStrike’s latest Global Threat Report and reveal that Australia is not immune to the uptick in Chinese activity, particularly given the ongoing AUKUS partnership between the United States, the United Kingdom, and Australia.
“China is very concerned about Australia effectively becoming a nuclear sea power,” Adam Meyers, SVP of counter adversary operations at CrowdStrike, told Cyber Daily ahead of the report’s release.
“They see the region as very definitely their sphere of influence, so any increase in the capacity of one of America’s allies in the region is definitely driving Chinese hacking activity.”
However, while Chinese hackers are probably the biggest global threat in terms of espionage, hackers with links to the North Korean government are using cryptocurrency theft and fake job scams to bring in money to the rogue regime to fund its advanced weapon programs. The threat actor tracked as Famous Chollima by CrowdStrike is particularly adept at running fake IT worker schemes, with fake workers earning multiple wages while doing the minimum possible work to maintain their positions.
These schemes can also take advantage of access to businesses that may host useful data or intellectual property, leading to incidents of insider leaks and opportunities to deploy malware.
Other DPRK-backed groups – such as Labyrinth Chollima, Velvet Chollima, and Silent Chollima – have targeted entities in the defence and aerospace industries specifically. However, again, the activity largely revolves around income generation.
“These fake workers use generative AI to help them with interview questions and large language models to create entire LinkedIn pages,” Meyers said.
“And since these fake workers are hired as remote workers, they get sent a package with a work laptop and some swag, they then claim an illness in their household, and get the laptop sent elsewhere, and that’s where you get these laptop farms, maybe a residence, maybe a small cloud hosting business.
“Then they remote access these laptops, and the company is none the wiser, as the company believes they are working from a legitimate location.”
But it’s not just the nation-backed hackers that are evolving – the cyber criminal element is also becoming faster and more effective at exploiting technology and its victims.
Perhaps the most worrying statistic in this regard is breakout time – the time it takes for a threat actor to achieve access to a network. In 2023, the average breakout time was 62 minutes; however, in 2024, that time dropped to 48 minutes.
“The fastest time we saw in the last 12 months, though,” Meyers said, “was just 51 seconds from initial contact to breakout”.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.