CrowdStrike reports that hackers working for the Chinese government are the most active worldwide. The company’s most recent OverWatch research report states that hackers from China are as active as hackers from Russia, Vietnam, Iran and North Korea combined.
According to CrowdStrike, the Chinese government’s main targets span a number of industries, including the chemical industry, gaming, healthcare, hospitality, manufacturing, telecommunications and technology in general. The report also shows an overall increase in eCrime (cybercrime committed for financial gain) in the first half of 2019. According to CrowdStrike, this is due to an increased exchange of TTPs: tools, techniques and procedures. Different hacker groups share more knowledge with each other about how to execute their attacks. For example, groups that are active on behalf of certain countries increasingly exchange information with hackers who are active purely for financial gain.
CrowdStrike also reports that 61 percent of all cyber attacks in the first half of 2019 came from what the company calls eCrime hackers. In 2018, this percentage was ‘only’ 25 percent. The growing exchange of TTPs in particular is the cause of this. As a result, hackers are becoming more and more threatening and can therefore demand large sums of money from victims more quickly.
Ronald Pool, Cyber Security Specialist at CrowdStrike: “Our OverWatch team regularly discovers hackers who have gained access to networks by using valid accounts. In this way, they infiltrate corporate networks. It is clear that hackers are becoming increasingly bold and are using advanced tools to do damage. For example, hackers are increasingly involved in ‘Big Game Hunting’, where they infiltrate deep into a company and then suddenly turn the switch and distribute their ransomware. The impact is often so great that it is very likely that the victim will pay the required ransom.”