Chinese hacking activity down sharply since mid-2014, researchers say
Chinese government cyberespionage has decreased sharply since mid-2014, an apparent response to widespread exposure of the activity, U.S. indictments and the threat of economic sanctions last summer, according to a new report by FireEye, a cybersecurity firm.
“The landscape we confront today is far more complex and diverse, less dominated by Chinese activity and increasingly populated by a range of other criminal and state actors,” said the report by FireEye’s iSIGHT Intelligence unit.
U.S. officials said late last year that the Chinese military had scaled back its economic cyberespionage against American companies following the indictments.
[Following U.S. indictments, China scales back hacks on American industry]
The firm’s report, however, is based on an analysis over three years of 262 intrusions into the networks of companies and government agencies that hired the firm to investigate both in the United States and overseas.
It found that Chinese activity is markedly down overall — from more than 60 intrusions in February 2013 to a handful in April of this year. It also found that some activity has shifted away from the United States to targets in Asia, including Taiwan, India and Japan.
The shifts have coincided with ongoing political and military reforms in China, FireEye noted. Since taking power in late 2012, Chinese President Xi Jinping has worked to centralize China’s cyber operations, turning them toward support of a greater range of activity, the firm said. That redirection takes place as the U.S. military is building up its Cyber Command in support of defensive and offensive operations to benefit regional military commands as well as protect the nation.
In September, Xi pledged that his country would not engage in state-sponsored commercial cyberespionage — the theft of intellectual property and trade secrets from one country to benefit another country’s own industries.
FireEye found that the trend line was already sloping downward by the time Xi made his pledge, although the activity has not completely stopped. The firm has investigated a number of intrusions of corporate networks in the United States, Europe and Japan.
Laura Galante, FireEye director of threat intelligence, points to several reasons for the downturn. In early 2013, the cybersecurity firm Mandiant issued a report describing in detail the activities of one prolific hacking unit from the People’s Liberation Army, Unit 61398. Mandiant is now owned by FireEye. That unleashed a flood of other reports outlining Chinese cyber operations.
In May 2014, the Justice Department obtained indictments against five Chinese army officers in commercial cyberespionage, marking the first time the U.S. government had charged foreign government personnel with such crimes.
In August 2015, The Washington Post reported that the Obama administration was developing economic sanctions to apply against Chinese companies and individuals who benefited through the cybertheft of U.S. companies’ intellectual property.
Source | WashingtonPost