My own small-scale experience is that the US is the originating IP for more than 50% of all attacks I see, mostly from Amazon hosting centres. Of course, the ‘attacker’ may actually be a Chinese crime gang using a free-tier instance of AWS to launch their campaign from, so attribution isn’t just about IP address. Apply your own pinch of salt to this report via a Russian news website…:
A Chinese report warned on Monday that most cyber attacks against Chinese networks in 2018 came from the US, which Chinese experts predicted that the latter is preparing to wage a large-scale “cyberwar” but China is prepared to launch a strong counterattack.
The information came from an annual report released by China’s National Computer Network Emergency Response Technical Team (CNCERT) on Monday.
The CNCERT said that in 2018, 14,000 servers in the US infected by a Trojan virus or botnet controlled 3.34 million host computers in China; and the number of servers increased 90.8 percent year-on-year, the Xinhua News Agency reported.
In 2018, 3,325 US IP addresses with the Trojan virus infected 3,607 Chinese websites, an increase of 43 percent compared with 2017, CNCERT said.
Aside from implanting viruses, the US has long been hacking information from the terminals of Chinese customers and has been utilizing apps to tap, steal information and analyze the information they obtained, a Beijing-based military expert, who also specializes in cybersecurity, told the Global Times on Monday.[…]