.png)
In this report:
A detailed assessment of the latest Chinese Chinese cyber campaigns
A breakdown of the various threat actors and their subsequent toolsets and tactics
A timeline of significant events throughout the Fall of 2024 related to these threat actors
In a statement released on September 23rd, the United States Department of Commerce proposed a ban on importing and selling internet-connected vehicles that incorporate software or hardware from foreign adversaries, particularly China. The ban would go in effect for the 2027 model year, and is focused on Vehicle Connectivity Systems (VCS) and Automated Driving Systems (ADS) used in such cars. The concerns cited are that such technology could enable adversaries to collect sensitive data or remotely control vehicles on U.S. roads. While the European Union hasn’t adopted a similar approach, there are growing concerns that there is a significant cybersecurity risk to critical European infrastructure from such Internet-of-Things (IoT) attack vectors.
The DoC’s decision came just a few days after an announcement by the US Federal Bureau of Investigation (FBI) that the Bureau, with the help of several international partners, dismantled a botnet consisting of over 260,000 devices, including 60,000 or more from Europe, controlled by China-based cyber threat actors. If undiscovered, it would have enabled such threat actors to conduct various cyberattacks all over the world.
This latest sequence of policy moves and cyber defense actions reflects a growing, global consensus on the urgent need to counteract cybersecurity risks posed by Chinese threat actors. As Chinese cyber campaigns increasingly target critical infrastructure and exploit IoT vulnerabilities, European agencies and their allies are playing catch-up with their defenses and various investigations.
It can be easy to dismiss the Chinese cyber campaign as a type of brinksmanship between US and Chinese interests, however, the massive implications on global trade between China, Southeast Asia, and Europe cannot be understated.
