Chinese cyber espionage drops steadily, report says

There has been a marked decline in China-based hacks of U.S. corporations in the past few years, according to a new report from FireEye. The study offers a fresh set of data on China's cyber-enabled economic espionage, which U.S. lawmakers have long characterized as rampant and inexorable.

FireEye researchers said that from September 2015 to June 2016, 13 China-based hacking groups penetrated the networks of companies in the United States, Europe and Japan. That compares with the approximately 60 to 70 Chinese groups researchers tracked in 2013, according to Will Glass, a threat intelligence analyst at FireEye.

As China-based groups have become less active, network intrusions have plummeted, according to FireEye. Researchers documented more than 70 intrusions in April 2014, compared to fewer than five in May 2016.

"We're not saying that this is necessarily China's packing up and going home," Glass said in an interview. "It's more...they're recalculating how they want to use cyber espionage to advance their national goals."

A September 2015 agreement between Beijing and Washington to not conduct or support cyber-enabled IP theft was a rare public acknowledgment of the issue by China's government. But FireEye researchers say the decline in the country's cyber espionage began long before that accord and is due to multiple political and diplomatic factors.

A combination of U.S. indictments of Chinese hackers and Chinese President Xi Jinping's restructuring of his government's cyber operations likely explains the decline in China-based cyber espionage, according to FireEye.

Since taking power in 2012, Xi has consolidated the government resources focused on cyberspace, leading to a "more refined approach to cyber operations," the report states. That approach has likely meant fewer opportunities for unauthorized use of hacking across the Chinese state, according to FireEye.

The People's Liberation Army (PLA) in China is a big bureaucracy, and consolidating its cyber elements takes time, which possibly contributed to an "administrative lull in operations," said Mike Oppenheim, a senior manager at FireEye.

A watershed moment came two years ago when the Justice Department brought its first charges of cyber espionage against a nation-state with the indictment of five PLA officers. Those charges were met with official indignation in Beijing but proved effective in getting the government's attention.

U.S. officials have often characterized China's cyber capabilities as second to Russia's. Analysts say the Chinese are notable for the volume of their attacks, whereas the Russians are more sophisticated.

But FireEye researchers say it would be unwise to assume cyberthreats emanating from China deserve any less attention because of the apparent decline in cyber-enabled economic espionage.

"They are still going to [conduct cyber espionage]," Oppenheim said. "I just don't think it's going to be at the height that we saw in the 2013/2014 time frame."

About the Author

Sean Lyngaas is a former FCW staff writer.
