China
Open-source reporting describes China as a hostile nation-state cyber actor and as the most strategically deliberate cyber adversary of the United States. Per that reporting, Beijing emphasizes persistent access and pre-positioning inside U.S. critical infrastructure to enable coercion, disruption, and real-world effects during a geopolitical crisis, rather than espionage alone. Reported targets include U.S. critical infrastructure broadly, including energy, water, communications, and subsea cable systems, as well as election-related influence efforts. China and Russia are also reported to continue cyber operations aimed at degrading coordination among allies and testing alliance cohesion.

Tactics and operational characteristics named in the reporting: persistent access, pre-positioning, embedding access across U.S. critical infrastructure, exploitation of flaws in routers and other network devices, and activity affecting or targeting subsea cable infrastructure. China is further reported to be harnessing AI and machine learning and exploring quantum computing and autonomous systems powered by cloud architectures, and to be attempting to export surveillance capabilities globally. U.S. officials have also raised concern over how China uses its engagement in international cable-governance bodies such as the ICPC (International Cable Protection Committee).

Aliases recorded for this actor: "china" and "prc". No sub-groups are identified in the available reporting.
Targeting
Who and where the actor targets and, where attribution is available, the state behind the operation, drawn from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- energy
- water
- communications
Tradecraft
33 distinct MITRE ATT&CK techniques observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
11 sources tracked across advisories, community write-ups, and news.
China-linked threat actors are known for persistent and sophisticated cyber operations targeting U.S. critical infrastructure, especially during periods of geopolitical tension.
Pre-positions and embeds access across U.S. critical infrastructure and conducts cyber operations to degrade coordination and test alliance cohesion, with a focus on long-term access and disruption.
China is conducting sustained, offensive cyber campaigns focused on persistent access to U.S. critical infrastructure, aiming to enable coercion or disruption during geopolitical crises.
China is actively developing and leveraging advanced technologies such as AI, machine learning, quantum computing, and autonomous systems for strategic and potentially military purposes, including cyber operations.