Chinese Hackers Target Maritime, Energy Firms Amid Iran Tensions

New research from ESET’s 2026 APT Activity Report indicates that Chinese state-backed advanced persistent threat (APT) groups are actively exploiting regional instability to strike at maritime and energy sector firms, particularly amid heightened tensions with Iran. These operations are part of a broader, ongoing campaign that also maintains pressure on organizations worldwide.

The report details how these threat actors have adapted their tactics, leveraging geopolitical friction as cover for cyber espionage and intelligence gathering. By focusing on critical infrastructure, the hackers aim to disrupt supply chains and steal sensitive operational data. ESET’s analysis highlights a pattern of targeted intrusions that align with China’s strategic interests, especially in regions where economic or military competition is intensifying.

Beyond the Iran-linked activity, the same APT groups continue to conduct global operations against government entities, technology firms, and research institutions. The report underscores that these attacks are not opportunistic but rather systematic and well-resourced, suggesting sustained investment in cyber capabilities. Defenders are urged to prioritize network segmentation, multi-factor authentication, and threat intelligence sharing to counter these evolving threats.

As geopolitical tensions remain high, the convergence of physical and cyber conflict is expected to accelerate. Organizations in the maritime and energy sectors should treat this report as a clear warning: the threat landscape is shifting, and proactive defenses are no longer optional.