APT cyber threats against organizations have significantly increased, nearly doubled by China, according to Kevin Mandia and Nicole Perlroth's warning.
Hol' up, folks! The threat coming from China-backed groups against businesses is at an all-time high and yet, it seems like not many realize the severity, right? Let's dive into a riveting conversation between cybersecurity expert Kevin Mandia and reporter Nicole Perlroth at RSAC Conference 2025, where they shared some eye-opening experiences.
China's level of cyber aggression has nearly doubled, according to Mandia, because there is no established set of rules in place, and he is not optimistic that such rules will ever be agreed upon. Mind-blowing, right? Cutting to the chase, Mandia shared a chilling tale from '96: a cyber attack response in which numerous US Air Force bases were compromised by Beijing-based operatives. Unfortunately, back then, nobody had the faintest idea how to deal with it.
Perlroth, for her part, joined the cybersecurity beat in 2010 and struggled to get organizations and governments to acknowledge the constant threat these China-based groups posed. So, she and Mandia shed some light on the hellish world of advanced persistent threats (APTs) coming from China.
But wait, things changed when Mandiant released a groundbreaking report on APT1 in '13. This baby named and shamed the group for breaching 141 victims, linked it to the Chinese military, and detailed its infrastructure and indicators of compromise (IOCs). Mandia said they did it to make a stink about how China was hacking everyone while no one was catching on.
Today, calling out China has escalated: governments have been more vocal about exposing China's involvement in cyber attacks and have even slapped sanctions on organizations tied to malicious acts. Yet, Perlroth cautions that we're still far from understanding the depth of China's infiltration into enterprise systems, primarily for theft of intellectual property.
When critical infrastructure is hacked, Perlroth says the plan could simply be to get in, stay hidden, and snatch even more credentials. It's like playing a high-stakes game of digital chicken, with each side daring the other to shoot first: our new-age form of deterrence.
Wanna know something scary? This cyber warfare could be used in the case of a geopolitical mess, causing attacks on a scale similar to the Colonial Pipeline breach, four or five times over. And it seems there's still more to uncover in the modus operandi of China-backed groups.
Speaking of which, Perlroth pointed to the breach of the Littleton, Massachusetts, Water Department by the crew called Volt Typhoon, despite the utility's small size. When she asked the General Manager what an attacker could gain from it, they were at a loss. So, we should all take a moment to ponder: why is China messing with little water and electric utility departments like that?
Moving on, Mandia predicted a surge in cybercrime as a result of global tensions and economic strife, with people turning to cyber attacks to raise money. He warned security teams that they'd be ordered to tighten their belts, and the question was: how could they defend against a rising threat landscape with the same or fewer resources?
Mandia cited the use of AI to boost security productivity as a promising aid to meet this challenge, but urged attendees to act fast before resources get stripped away. He also confessed to changing his stance on cyber hygiene, realizing that it indeed matters.
By implementing practices like multi-factor authentication, regular updates and patches, and using advanced security tools, businesses can greatly diminish their vulnerability to APTs.
Wanna learn more about how to safeguard your business against China-backed APTs? Stay tuned as we continue to explore the intriguing world of cybersecurity!
China's escalating cyber aggression, as highlighted by cybersecurity expert Kevin Mandia, poses a significant threat to businesses, especially considering the lack of international regulations to counter such activities. In light of this, implementing strong cybersecurity infrastructure equipped with advanced technology, such as multi-factor authentication, regular updates, and advanced security tools, can significantly reduce vulnerability to Advanced Persistent Threats (APTs), a major concern arising from China-linked groups.