Chinese cyber espionage drops steadily, report says
- By Sean Lyngaas
- Jun 21, 2016
There has been a marked decline in China-based hacks of U.S. corporations in the past few years, according to a new report from FireEye. The study offers a fresh set of data on China's cyber-enabled economic espionage, which U.S. lawmakers have long characterized as rampant and inexorable.
From September 2015 to June 2016, FireEye researchers said 13 China-based hacking groups penetrated the networks of companies in the United States, Europe and Japan. That compares to the approximately 60 to 70 Chinese groups researchers tracked in 2013, according to Will Glass, a threat intelligence analyst at FireEye.
As China-based groups have become less active, network intrusions have plummeted, according to FireEye. Researchers documented more than 70 intrusions in April 2014, compared to fewer than five in May 2016.
"We're not saying that this is necessarily China's packing up and going home," Glass said in an interview. "It's more...they're recalculating how they want to use cyber espionage to advance their national goals."
A September 2015 agreement between Beijing and Washington to not conduct or support cyber-enabled IP theft was a rare public acknowledgment of the issue by China's government. But FireEye researchers say the decline in the country's cyber espionage began long before that accord and is due to multiple political and diplomatic factors.
A combination of U.S. indictments of Chinese hackers and Chinese President Xi Jinping's restructuring of his government's cyber operations likely explains the decline in China-based cyber espionage, according to FireEye.
Since taking power in 2012, Xi has consolidated the government resources focused on cyberspace, leading to a "more refined approach to cyber operations," the report states. That approach has likely meant fewer opportunities for unauthorized use of hacking across the Chinese state, according to FireEye.
The People's Liberation Army (PLA) in China is a big bureaucracy, and consolidating its cyber elements takes time, which possibly contributed to an "administrative lull in operations," said Mike Oppenheim, a senior manager at FireEye.
A watershed moment came two years ago when the Justice Department brought its first charges of cyber espionage against a nation-state with the indictment of five PLA officers. Those charges were met with official indignation in Beijing but proved effective in getting the government's attention.
U.S. officials have often characterized China's cyber capabilities as second to Russia's. Analysts say the Chinese are notable for the volume of their attacks, whereas the Russians are more sophisticated.
But FireEye researchers say it would be unwise to assume cyberthreats emanating from China deserve any less attention because of the apparent decline in cyber-enabled economic espionage.
"They are still going to [conduct cyber espionage]," Oppenheim said. "I just don't think it's going to be at the height that we saw in the 2013/2014 time frame."
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.