Good morning. Incident-response and intelligence specialists at the annual RSAC in San Francisco agree that Chinese state-sponsored cyber activity has continued to ramp up this year. That's true even after the discovery of China-linked infiltration of U.S. critical infrastructure and telecom providers.  

“The volume of intrusion activity that we see coming from China is really high right now,” said Charles Carmakal, chief technology officer at incident-response firm Mandiant, part of Alphabet’s Google.

U.S. officials have long warned that Chinese cyber activity had reached new highs, thanks in part to a mix of economic pressures, geopolitical tension that includes a looming conflict over Taiwan, and great-power competition.

China has also become more assertive in cyber affairs, recently blaming the U.S. for cyberattacks during the Asian Winter Games, and naming U.S. intelligence officers, mimicking a longstanding Western approach. Washington denies the accusations.

Chinese officials gave a tacit acknowledgment to their American counterparts in recent months that they were, in fact, inside U.S. critical infrastructure systems, seen as a warning about intervening in a future invasion of Taiwan.

What’s raising concern is the focus on certain infrastructure outside of presumed targets, such as New York City or other major metropolitan areas.

“The small-municipality targeting is interesting. It could be sort of exercising and getting ready from a drill perspective,” said Sam Rubin, head of Palo Alto Networks' Unit 42 incident-response business.

Also today: Read our Q&A with SolarWinds CISO Tim Brown, who discusses the mental and physical toll of fighting the Securities and Exchange Commission in court.

More news below.

• Last year, Ascension was hit by ransomware group Black Basta, compromising details about 5.6 million people. (Bleeping Computer)

Canadian energy company Emera said corporate systems are down at its Nova Scotia Power unit after a cyberattack. Power generation and distribution aren't affected, Emera said. 

More than 470,000 current and former residents of the California city of Long Beach are being notified that their personal and health data was exposed in a 2023 cyberattack. The city is offering one year of credit monitoring to those whose Social Security numbers were compromised. (HIPAA Journal)

Lab threat: The Federal Communications Commission is due to vote on May 22 on whether to bar labs in China deemed by the U.S. to be a threat to national security from testing electronics destined for the United States. A second proposal would ban all Chinese labs from such testing on products due to enter the U.S. (Reuters)

• AI is nothing without data. When you feed it everything you’ve said for days, weeks and months, it gets more useful. Also, yes, it becomes a lot like a “Black Mirror” episode. (WSJ) 

The WSJ Pro Cybersecurity team is Deputy Editor Kim S. Nash (on X @knash99), and reporters Angus Loten, James Rundle and Catherine Stupp (@catstupp). Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.