Chinese cyber espionage drops steadily, report says

There has been a marked decline in China-based hacks of U.S. corporations in the past few years, according to a new report from FireEye. The study offers a fresh set of data on China's cyber-enabled economic espionage, which U.S. lawmakers have long characterized as rampant and inexorable.

FireEye researchers said that from September 2015 to June 2016, 13 China-based hacking groups penetrated the networks of companies in the United States, Europe and Japan. That compares with the approximately 60 to 70 Chinese groups researchers tracked in 2013, according to Will Glass, a threat intelligence analyst at FireEye.

As China-based groups have become less active, network intrusions have plummeted, according to FireEye. Researchers documented more than 70 intrusions in April 2014, compared to fewer than five in May 2016.

"We're not saying that this is necessarily China's packing up and going home," Glass said in an interview. "It's more...they're recalculating how they want to use cyber espionage to advance their national goals."

A September 2015 agreement between Beijing and Washington to not conduct or support cyber-enabled IP theft was a rare public acknowledgment of the issue by China's government. But FireEye researchers say the decline in the country's cyber espionage began long before that accord and is due to multiple political and diplomatic factors.

A combination of U.S. indictments of Chinese hackers and Chinese President Xi Jinping's restructuring of his government's cyber operations likely explains the decline in China-based cyber espionage, according to FireEye.

Since taking power in 2012, Xi has consolidated the government resources focused on cyberspace, leading to a "more refined approach to cyber operations," the report states. That approach has likely meant fewer opportunities for unauthorized use of hacking across the Chinese state, according to FireEye.

The People's Liberation Army (PLA) in China is a big bureaucracy, and consolidating its cyber elements takes time, which possibly contributed to an "administrative lull in operations," said Mike Oppenheim, a senior manager at FireEye.

A watershed moment came two years ago when the Justice Department brought its first charges of cyber espionage against a nation-state with the indictment of five PLA officers. Those charges were met with official indignation in Beijing but proved effective in getting the government's attention.

U.S. officials have often characterized China's cyber capabilities as second to Russia's. Analysts say the Chinese are notable for the volume of their attacks, whereas the Russians are more sophisticated.

But FireEye researchers say it would be unwise to assume cyberthreats emanating from China deserve any less attention because of the apparent decline in cyber-enabled economic espionage.

"They are still going to [conduct cyber espionage]," Oppenheim said. "I just don't think it's going to be at the height that we saw in the 2013/2014 time frame."

About the Author

Sean Lyngaas is a former FCW staff writer.
