
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage


Jasper_The_Rasper
Moderator

Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.

 

April 14, 2025 By Becky Bracken

 

Beijing-backed hacker groups are known by a variety of benign-sounding monikers, like FishMonger and MirrorFace, and notably, Volt Typhoon and Salt Typhoon — but a handful of these groups, some of them operating as arms of the military, are running ruthless cyber-espionage campaigns against the US's most sensitive critical infrastructure, including utilities and telecommunications networks. While these groups' attribution to China by the US government and cybersecurity researchers hasn't really been in question, China itself isn't even trying to hide the nefarious cyber activity anymore.

According to an April 10 Wall Street Journal report about a meeting with US representatives last December, Chinese officials confirmed they were behind the cyberattacks on US infrastructure, made in retaliation for American support of Taiwan. With a new raging tariff war between China and the US added to the mix, these cyberattacks are bound to continue, experts say, enabled in part by visibility gaps in endpoint detection and response (EDR) products.

 

>>Full Article<<
