Asian Cyber Threats Evolve: New Strategies Target Familiar Sectors

May 16, 2024

Since mid-2023, Microsoft has noted a significant shift in cyber and influence trends emanating from China and North Korea. These nation-state threat groups are intensifying their efforts on known targets, employing increasingly advanced influence tactics. Security teams need to stay updated on these trends to effectively safeguard their organizations.

Chinese cyber actors have primarily targeted three areas: entities in the South Pacific islands, regional adversaries in the South China Sea, and the US defense industrial base. Simultaneously, Chinese influence actors have improved their use of AI-generated and AI-enhanced content, while also experimenting with new media to fuel divisions within the US and amplify rifts in the Asia-Pacific region.

A September 2023 report revealed the use of generative artificial intelligence by Chinese influence operation assets to create engaging visual content. This includes AI-generated memes aimed at the US to amplify controversial domestic issues and criticize the Biden administration. Storm-1376, a prolific Chinese threat actor, has been using AI content across 175 websites and 58 different languages. Recently, Storm-1376's campaigns started using AI-generated photos to mislead audiences and target new populations with localized content.

In August, Storm-1376 disseminated several conspiratorial social media posts alleging that the US government intentionally set fires on Maui island in Hawaii to test a military-grade 'weather weapon.' The actor used AI-generated images of burning coastal roads and residences to make the content more engaging. As the 2024 US election cycle approaches, it is anticipated that China will continue to create and amplify AI-generated content aimed at the American public.

On the other hand, North Korean cyber threat actors have stolen hundreds of millions of dollars in cryptocurrency, executed software supply chain attacks, and targeted their perceived national security adversaries in 2023. The United Nations estimates that North Korean cyber actors have stolen over $3 billion in cryptocurrency since 2017, with multiple heists totaling between $600 million and $1 billion in 2023 alone.

A threat actor tracked by Microsoft, Sapphire Sleet, has conducted several small but frequent cryptocurrency theft operations. The group has developed new techniques for these operations, such as sending fake virtual meeting invitations containing links to an attacker domain and registering fake job-recruiting websites. Sapphire Sleet targets executives and developers at cryptocurrency, venture capital, and other financial organizations.

North Korean threat actors have also conducted software supply chain attacks on IT firms, gaining access to downstream customers. A group known as Jade Sleet used GitHub repositories and weaponized npm packages in a social engineering spear-phishing campaign targeting employees of cryptocurrency and technology organizations. Another group, Onyx Sleet, exploited the TeamCity CVE-2023-42793 vulnerability to perform a remote code execution attack and gain administrative control of servers.

As North Korea enacts new government policies and plans for weapons testing, it is expected that sophisticated cryptocurrency heists and supply chain attacks targeting the defense sector will increase. Defense and related industry security teams must remain alert to these threats.
