The third installment of our “Big Four” series on China is filled with so much great information that it’s our longest episode yet. Lloyd Brown, Principal Analyst for our Custom Intel Team, and Scott Henderson, Principal Analyst for our Cyber Espionage Team, joined me to peel back the layers of China’s cyber capabilities.
Similar to past episodes in this series, we started at the beginning of China’s cyber operations—dating back to 2003. Scott and Lloyd took me through a detailed look at all the stages of China’s operations, including the shift in 2015/2016 from being “clumsy and noisy” to stealthy. Lloyd brings up a great point that’s worth hearing about their use of CVE exploits (which came into play with the recent Microsoft Exchange server exploits).
We also discussed how China’s cyber activity is driven by economic interests such as the Belt and Road initiative, the nature of their operations surrounding global elections, APT41’s cybercrime activity in addition to cyber espionage, and where they think China’s operations are headed. You’ll definitely want to stick around to the very end. Since our initial recording occurred before the Microsoft Exchange exploits, I decided to follow up with Lloyd to get his take on HAFNIUM and the UNC groups we’re tracking related to that activity.
Know the threats that affect your organization with up-to-the-minute threat intelligence by signing up for Mandiant Advantage Free.