SAN FRANCISCO — Chinese hacking of the U.S. has decreased over the last year in quantity, if not in quality, according to a new series of assessments by cybersecurity companies and U.S. government officials.
The cybersecurity firm FireEye released a report Monday concluding that they saw “a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks.” The report came less than a week after a high-level meeting between China and the U.S. designed to strengthen a cyber-agreement between Chinese President Xi Jinping and President Barack Obama in September.
“The broader story here is that China has been conducting high-level espionage for years, but last year, following the agreement between President Obama and President Xi, we saw decreases,” said William Glass, a threat intelligence analyst at FireEye. “We don’t yet know whether the decrease is permanent.”
The FireEye report, which observed 13 China-based groups that were active in attacks between September 2015 and June 2016, echoed a conclusion reached several months ago by Fidelis, another cybersecurity firm. Fidelis CSO Justin Jarvey told the Financial Times, “What we are seeing can only be characterised as a material downtick in what can be considered cyber espionage… We are seeing a marked difference.” A U.S. official, speaking on condition of anonymity, also told the Financial Times that “the days of widespread Chinese smash-and-grab activity, get in, get out, don’t care if you’re caught, seem to be over.”
Glass said he believed there were a number of factors contributing to the decline in Chinese hacking, ranging from reforms within China that have seen President Xi crack down on cyber units within the military who would have conducted attacks for personal gain, to the more aggressive actions taken by the U.S. to name and shame Chinese hackers.
“Since Xi took over, the cyber forces traditionally aligned with the army have now been separated out. Like the U.S. army, cyber is now in its bucket off to the side. Another thing is that he has a big anti-corruption drive. In the past, PLA, the People’s Liberation Army, has conducted operations for their own personal benefit. They have been stealing tech that they can sell. There is a big crackdown on that,” said Glass.
The U.S. moves, meanwhile, which saw the Department of Justice announce it was indicting five members of the PLA for cyber-espionage in 2014, while preparing cases on others, would also have served as a deterrent for China to stop the more overt cyberattacks it had been conducting, said Glass.
While the consensus among cybersecurity researchers appears to be that the quantity of cyber-attacks originating in China and targeting the U.S. has decreased, the attacks which are ongoing are both successful and targeted. The FireEye report found that China-based cyber-espionage groups had targeted corporate networks in the U.S., Europe, and Japan and targeted government, military, and commercial entities.
Glass gave the example of the semiconductor industry, which China had been trying to enter for some time.
“They are trying to develop a domestic semiconductor industry. They can’t control the semiconductors that they import, so we are seeing an investment made on a public level to engage with companies, and then also, there is cyber-espionage against semiconductor companies in the U.S.,” said Glass. “Going forward we will see a lower volume of attacks, but more specific interest in what they target.”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F