Summary: Yesterday, the FBI released a Public Service Announcement to highlight that the Chinese government is using formal and informal connections with freelance cyber threat actors and information security (InfoSec) companies to compromise computer networks worldwide. China’s government agencies are able to weaponize Infosec companies by using their expertise to gain unauthorized access to victim networks to collect for China’s intelligence services.

Analyst Note: Yesterday, the Southern District of New York unsealed an indictment against eight employees of China-based Infosec company Anxun information Technology Co. and two military police officers who directed certain activities in service of the Chinese government. With Chinese-affiliated threat groups increasingly impacting U.S. companies and networks, it is crucial for critical infrastructure organizations, such as those in the water sector, to understand the implications and potential security threats arising from these activities.

The FBI reminds users who suspect being a victim of malicious cyber activity by groups associated with the government of China to report the suspicious activity to the FBI's Internet Crime Complaint Center (IC3) at www.IC3.gov as quickly as possible.

Original Source: https://www.ic3.gov/PSA/2025/PSA250305

Additional Reading:

• Chinese Law Enforcement and Intelligence Services Leveraged China’s Reckless and Indiscriminate Hacker-for-Hire Ecosystem, Including the ‘APT 27’ Group, to Suppress Free Speech and Dissent Globally and to Steal Data from Numerous Organizations Worldwide

Related WaterISAC PIRs: 6, 6.1, 7, 7.1, 10, 11