Cyberattacks carried out by China-backed nation-state actors surged last year, showcasing technical advancements and specialized targeting in a broader escalation of the country’s ability to infiltrate global critical infrastructure, CrowdStrike said in an annual threat report released Thursday.
“After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said during a media briefing.
China-linked intrusions jumped a “terrifying” 150% across all sectors in 2024 compared to 2023, Meyers said. The most significant increases were in financial services, media, manufacturing, industrials and engineering, sectors that experienced triple or quadruple the amount of China-related intrusions compared to the previous year.
CrowdStrike observed significant growth in China’s offensive cyber capabilities last year, with more nation-state-backed threat groups using specialized skills to target specific industries and technologies unique to those sectors. Out of the seven new China-linked threat groups CrowdStrike identified last year, five showed distinct specializations and advanced capabilities. Among them were three groups, tracked as Liminal Panda, Locksmith Panda and Operator Panda, which targeted specific tasks and tools related to telecom networks.
Operator Panda, a Chinese threat group more commonly known as Salt Typhoon, was linked to a spree of attacks on U.S. and global telecom providers that started two years before U.S. officials discovered it last spring. The group remains active, found on five additional telecom networks as recently as January, Recorded Future’s Insikt Group said in a report earlier this month.
The different specializations displayed by these groups mark a notable shift in the country’s offensive capabilities, brought on by the country’s yearslong effort to develop and maintain highly trained and readily available technical talent, the report found.
The China-linked threat groups are also increasing efforts to stay undetected on the networks, Meyers said. Multiple threat groups established operational relay box (ORB) networks, botnets made up of hundreds or thousands of compromised edge devices that route traffic during intrusions to obfuscate the groups’ operations.
“What used to be smash-and-grab — they would come in, steal what they could and leave — now they want enduring and persistent access,” Meyers said.
Chinese threat groups pose a significant threat to critical infrastructure, particularly Volt Typhoon, a group CrowdStrike tracks as Vanguard Panda. That group has targeted critical infrastructure of logistics networks related to maritime operations, air transportation and intercontinental travel, Meyers said.
China’s offensive cyber operations are still largely focused on intelligence gathering, according to Meyers. Yet, as officials have warned, China-linked threat groups are proactively intruding into critical infrastructure networks and maintaining access to potentially limit U.S. efforts to respond to conflicts, such as if China decides to invade Taiwan.
If there is a conflict with China over Taiwan, the U.S. government would likely send a carrier strike team to the Taiwan Straits to try to dissuade China’s aggression, Meyers said.
“If they can’t get food and water and all the things they need to constantly restock, then it’s going to be real difficult to deter China,” he said.
“That is why pre-positioning, or what we would call operational preparation of the environment, are so important to be on the lookout for and why we need to deter China from doing these things,” Meyers said.
The post It’s not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills appeared first on CyberScoop.