
Chinese cyber espionage drops steadily, report says


There has been a marked decline in China-based hacks of U.S. corporations in the past few years, according to a new report from FireEye. The study offers a fresh set of data on China's cyber-enabled economic espionage, which U.S. lawmakers have long characterized as rampant and inexorable.

From September 2015 to June 2016, FireEye researchers said 13 China-based hacking groups penetrated the networks of companies in the United States, Europe and Japan. That compares to the approximately 60 to 70 Chinese groups researchers tracked in 2013, according to Will Glass, a threat intelligence analyst at FireEye.

As China-based groups have become less active, network intrusions have plummeted, according to FireEye. Researchers documented more than 70 intrusions in April 2014, compared to fewer than five in May 2016.

"We're not saying that this is necessarily China's packing up and going home," Glass said in an interview. "It's more...they're recalculating how they want to use cyber espionage to advance their national goals."

A September 2015 agreement between Beijing and Washington to not conduct or support cyber-enabled IP theft was a rare public acknowledgment of the issue by China's government. But FireEye researchers say the decline in the country's cyber espionage began long before that accord and is due to multiple political and diplomatic factors.

A combination of U.S. indictments of Chinese hackers and Chinese President Xi Jinping's restructuring of his government's cyber operations likely explains the decline in China-based cyber espionage, according to FireEye.

Since taking power in 2012, Xi has consolidated the government resources focused on cyberspace, leading to a "more refined approach to cyber operations," the report states. That approach has likely meant fewer opportunities for unauthorized use of hacking across the Chinese state, according to FireEye.

The People's Liberation Army (PLA) in China is a big bureaucracy, and consolidating its cyber elements takes time, which possibly contributed to an "administrative lull in operations," said Mike Oppenheim, a senior manager at FireEye.

A watershed moment came two years ago when the Justice Department brought its first charges of cyber espionage against a nation-state with the indictment of five PLA officers. Those charges were met with official indignation in Beijing but proved effective in getting the government's attention.

U.S. officials have often characterized China's cyber capabilities as second to Russia's. Analysts say the Chinese are notable for the volume of their attacks, whereas the Russians are more sophisticated.

But FireEye researchers say it would be unwise to assume cyberthreats emanating from China deserve any less attention because of the apparent decline in cyber-enabled economic espionage.

"They are still going to [conduct cyber espionage]," Oppenheim said. "I just don't think it's going to be at the height that we saw in the 2013/2014 time frame."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Connect with Lyngaas on Twitter: @snlyngaas.

