Chinese hackers are infiltrating the networks of suppliers of “sensitive” manufacturers, according to a Check Point report to be published in the coming weeks

Archived

Check Point is set to reveal a new Chinese cyber campaign targeting suppliers of manufacturers in “sensitive” domains in the US and across the globe.

In an exclusive interview with Infosecurity at the firm’s CPX 2025 conference, Lotem Finkelsteen, Check Point’s Director of Threat Intelligence & Research, said his team was working on a new investigation into a Chinese hacking group.

Finkelsteen confirmed his team had observed the threat group actively infiltrating the networks of firms that supply components for the manufacturing industry, including in “sensitive” domains, and many other sectors.

These primary targets include suppliers of chemical products and physical infrastructure components like pipes. Some are Check Point’s customers. Check Point plans to release a full report on the campaign in the next few weeks.

Targeted edge devices include operational relay boxes (ORBs), which are often either virtual private server (VPS) hosts or poorly secured Internet of Things (IoT) devices (e.g. routers) that intelligence services have traditionally used to infiltrate networks.

The approach shows similarities with the Volt Typhoon cyber espionage campaigns that targeted critical infrastructure and telecommunications organizations in the US and elsewhere in 2023 and 2024. These campaigns allowed Volt Typhoon to infiltrate some US government agencies in 2024.