Check Point Research (CPR) sees an increase in cyber-attacks sourced from Chinese IP addresses throughout the current Russia-Ukraine conflict.
- Last week, the weekly average of worldwide attacks originating from China per organization was 72% higher than before the invasion and 60% higher than in the first three weeks of the conflict
- Last week, the weekly average of cyber-attacks sourced from China on NATO corporate networks was 116% higher than before the invasion, and 86% higher than in the first three weeks of the conflict
- The increase is significantly higher than the overall global increase in cyber-attacks seen during the same time frames
As the Russia-Ukraine conflict intensifies, we grew curious about cyber-attacks originating from China. We’re seeing significant increases in cyber-attacks that originate from Chinese IP addresses.
It’s important to underscore that we cannot make an attribution to Chinese entities, as it is difficult to determine attribution in cyber security without more evidence. But what is clear is that hackers are using Chinese IPs to launch cyber-attacks worldwide, especially against NATO countries.
The IPs are likely used by hackers within China and abroad. The trend can have many meanings. For example, the increase can indicate where it is now easy or cheap to set up and operate a service or where it is more opportune to hide the real origin of the attack. It can also indicate how global cyber traffic is being routed at this moment in time.
CPR will continue to dig deeper into this trending observation in the weeks ahead. For now, we’re only reporting what we see.