Overview of digital threats linked to China

During 2023, Chinese interference in Canada was at the heart of the news. On the digital side, “APTs” attacker groups linked to China have been particularly active, conducting numerous cyberespionage operations.

Researchers at ESET – a major provider of security solutions with a research office in Montreal – have acquired expertise in the analysis and intelligence of cyberattacks attributed to China. We have thus identified cyber espionage operations against governments, strategic companies (defense or high technology sectors for example) and individuals linked to the “five poisons” (activists for the independence of Taiwan, the Uighurs, the Tibetans , Falun Gong and pro-democracy activists). Attacker groups linked to China are particularly active in Asia and Europe, but also in North America.

In this presentation, we will provide an overview of threats from groups linked to China, using four case studies. We will discuss the following groups of attackers:

• Volt Typhoon, which particularly targets defense companies in North America
• GREF, which spies on Uyghurs using booby-trapped Android applications* • GALLIUM, which specializes in compromising telecommunications providers
• Mustang Panda, which targets governments, particularly diplomats in Europe, and NGOs

About the speakers

Mathieu Tartare

Mathieu Tartare is a senior malware researcher at ESET. His work focuses primarily on cyberespionage groups and he leads a research team at ESET’s R&D center in Montreal.

He obtained his doctorate in astrophysics in 2013 and worked in high performance computing before starting his career in cybersecurity in 2018, joining ESET.

Matthieu Faou

!Matthieu Faou Matthieu Faou is a senior malware researcher at ESET where he specializes in the analysis of targeted attacks. Its main tasks include tracking cyber espionage groups and reverse engineering malware.

He completed his master’s degree in computer science at École Polytechnique de Montréal and École des Mines de Nancy in 2016. In the past, he has presented at several conferences, including Black Hat USA, BlueHat, Botconf, CYBERWARCON, RECON and Virus Bulletin.