Cyber Threat Actor: China
| Actor Type | Location | Known Incidents |
Nation State
|
China
|
4 incidents |
|---|
Profile
The threat actor in question is a nation-state entity based in China, with the country's 2-character ISO-3166 code being "CN." They are known by the alias "China," indicating their country of origin. This group has been active in the cyber realm, with a particular focus on ideological differences and organizational gains. One notable incident involving this threat actor was a cyberattack on a pro-independence Scottish newspaper, "The National." On March 13, 2020, the website of the newspaper was temporarily unavailable for over an hour due to an external denial-of-service tactic employed by the threat actor. While there were no known data breaches or physical damage, the attack highlighted the group's motivation to target organizations with differing ideological stances. Another incident implicating this group involves a supply chain compromise. A Chinese-manufactured smartphone sold by Taiwan Mobile was found to have a trojan virus installed, impacting over 94,000 subscribers and leading to identity theft. This incident drew attention to the risks of using devices sourced from countries with a high likelihood of cyber activity. The virus was implanted during the manufacturing process in China, underscoring the threat actor's ability to exploit the supply chain for malicious purposes. With a classification of a nation-state actor, this group poses a significant threat, and their activities have the potential to impact a large number of individuals and organizations. Their motivation stems from ideological differences and the pursuit of organizational gains, demonstrating a calculated and strategic approach to their cyber activities. As such, this threat actor warrants close monitoring and proactive security measures to safeguard against potential future attacks.
