Overview of digital threats linked to China
On January 28, 2025, we had the honor of hosting Mathieu Tartare, a senior malware researcher at ESET, who presented an engaging overview of the digital threats associated with China, illustrated by several concrete case studies.
Thanks to his expertise, our speaker brilliantly detailed the operating methods of various APT groups and led a particularly enriching Q&A session.
Summary:
In recent years, Chinese interference in Canada has been at the forefront of public attention. In the digital realm, Chinese-linked APT (Advanced Persistent Threat) groups have been particularly active, carrying out numerous cyber espionage operations.
Researchers at ESET—a major security solutions provider with a research office in Montreal—have developed significant expertise in analyzing and gathering intelligence on cyberattacks attributed to China. As a result, we have identified cyber espionage operations targeting governments, strategic companies (for example, those in the defense or high-tech sectors), and individuals associated with the so-called “five poisons” (activists for Taiwan’s independence, Uyghurs, Tibetans, Falun Gong practitioners, and pro-democracy activists). Chinese-linked attacker groups are notably active in Asia and Europe, as well as in North America.
During this presentation, Mr. Tartare provided a comprehensive overview of the threats posed by these Chinese-linked groups, illustrated through several case studies that highlighted the specific characteristics of various APT groups. He analyzed the groups targeting different sectors or categories of individuals and detailed the various operating methods they employ to carry out their operations.
The presentation also examined the cyber ecosystem to which these groups belong. Chinese cyber espionage operations are primarily conducted in collaboration with three distinct entities, each with specific responsibilities and objectives: the People’s Liberation Army (PLA), the Ministry of State Security (MSS), and the Ministry of Public Security (MPS). Mr. Tartare demonstrated how these organizations outsource part of their cyber espionage activities to private companies, notably drawing on the recent case of i-Soon, a company whose internal documents were leaked on GitHub. This leak exposed the cyber espionage activities of this cybersecurity firm, which operates on behalf of the Chinese security apparatus. Furthermore, ESET has attributed the campaigns carried out by the APT group Fishmonger to i-Soon; that group's activities were documented as early as 2020, during an operation targeting Hong Kong universities amid the 2019 protests.