Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says

Six hacking groups have focused on the telecommunications sector in the first half of this year, according to new CrowdStrike research.
For suspected Chinese hackers, U.S. telecoms represent a tempting target for espionage. (Getty Images)

Six suspected Chinese hacking groups have zeroed in on entities in the telecommunications sector in the first half of this year, according to CrowdStrike research published Tuesday.

While CrowdStrike did not identify the groups by name, attackers have likely been running their hacking operations in an effort to steal sensitive data about targets, or to conduct intellectual property theft, researchers at the threat intelligence firm determined. CrowdStrike also did not identify the targets.

The telecommunications sector was among the top most-targeted sectors in the first half of 2020, the company said, alluding to behavior that aligns with previous espionage patterns from hackers with suspected ties to Beijing. Publication of the report coincides with a fresh warning from the U.S. Department of Homeland Security that a Chinese intelligence agency is exploiting known software flaws to gather information from U.S. federal agencies, and amid an ongoing U.S. government effort to safeguard research into a COVID-19 vaccine, which Chinese hackers are alleged to have targeted.

Chinese hackers have gained infamy in U.S. government circles for alleged IP theft, though in recent years some groups have honed their ability to conduct targeted surveillance, according to security practitioners. Last year, a group known as APT41 tracked down specific data on individuals by breaching a phone company, according to research from FireEye. That group, FireEye determined, conducts espionage operations for China’s Communist Party, and also has focused on individuals of interest to the Chinese government, including those discussing the military or protests in Hong Kong.


Hackers based in China also compromised cellular providers in Africa, Europe, the Middle East, and Asia last year, according to Cybereason research.

China’s potential ability to tap into Chinese-owned telecommunications firms has roiled corporate efforts to build out 5G networks in the U.S. and allied nations. U.S. intelligence officials and lawmakers have said Beijing is able to leverage access to Chinese-owned firms, such as Huawei, for data collection purposes.

In recent months U.S. national security officials urged the Federal Communications Commission to block a Chinese state-owned telecommunications firm from providing service to American customers over concerns about espionage or disruption to service.

Chinese government officials and Huawei executives have consistently denied engaging in cyber-espionage.

While Chinese threat actors dedicated a significant amount of attention to targeting telecommunications entities in the first half of this year, Chinese actors have also targeted health care, pharmaceutical, and manufacturing entities, according to CrowdStrike. From January to June, manufacturing was the second most-targeted sector overall, a marked shift from where it normally falls, according to CrowdStrike’s tracking. Last year, for instance, it was not among the top ten most frequently targeted sectors.


Meanwhile, medical entities overall were the fifth most-targeted from January to June this year.

The Department of Defense, the NSA, the Department of Homeland Security, and the FBI recently launched an effort to stop hackers from disrupting work toward a coronavirus vaccine, as CyberScoop first reported. Hackers’ interest in manufacturing entities could be tied to the race to develop and manufacture coronavirus vaccines amid the ongoing pandemic.

Chinese actors associated with a Chinese intelligence agency, the Ministry of State Security, have targeted coronavirus vaccine research in the U.S. this year, according to the Justice Department.

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.
