Since mid-2014, the Chinese government has cut down the number of cyber-attacks against US targets, as cyber-operations overall seem to have lost priority, a new FireEye report reveals.

China continues to launch attacks at a steady pace, but in 2016, security vendors have not observed Chinese-linked cyber-espionage groups carry out more than ten attacks per month.

According to security firm FireEye, there are a couple of reasons behind China’s usage of cyber-attacks, and a few converge to early and mid-2014 when the number of cyber-attacks has started declining with each new month.


Military reform has cut down rogue operations

First and foremost, FireEye says that Chinese President Xi Jinping’s military reform has played a big role. When Xi assumed power in November 2012, he was quoted as saying that government and military elements should stop using state resources for their own agendas.

His statements meant physical military resources, but also cyber-espionage operations. According to FireEye’s statistics, at least 72 cyber-espionage groups were operating at that time with more or less concluding evidence linking them to the Chinese government, military or other agencies in the country.

For most of their attacks, these groups targeted private companies, from where they stole intellectual property that mysteriously made its way in the hands of private Chinese companies.

Starting with 2013 and then intensifying in 2014, Xi’s reform of the Chinese military has unified cyber resources under the roof of one agency called the PLA Cyberspace Strategic Intelligence Research Center (June 2014). With a better control of all the groups, the Chinese state started enforcing a stricter policy and a firm command over all groups and their operations.

The US started to take legal and economic actions

By 2014, the number of security vendors publishing period reports on massive cyber-espionage campaigns linked to mainland China also started to gain the public and the government’s attention.

Chinese cyber-operations had slowly come to light and had painted China in the same dark colors in which Snowden painted the US.

Based on these reports, the US started to take attitude against Chinese hackers. The US first charged five Chinese military officers, and then Chinese business Su Bin.

By late 2015, the US reached the annoyance level at which it was considering imposing economic sanctions on its main rival.

US-Chinese anty-spying pact yields results

In September 2015, to calm down relations between the two countries, President Barack Obama and Chinese President Xi Jinping agreed to a pact where neither government would “conduct or knowingly support cyber-enabled theft of intellectual property.”

It was following this pact that Chinese cyber-espionage operations dropped overall to ten cyber-attacks per month, and continued to slow down even more, afterward.

Chinese-linked cyber incidents

Chinese-linked cyber incidents

Since then, between September 2015 and June 2016, FireEye says it observed only 13 active cyber-espionage groups linked to the Chinese government.

Cyber-attacks slowed down, but never stopped

There have still been attacks on US companies after the anti-spying pact was signed last year, but FireEye says that most of China’s cyber operations are now aimed at other targets, usually its neighbors and targeting politically-charged events, such as the Taiwan political elections and the Hong Kong riots.

Among the US targets, FireEye lists a US high-tech corporation (attacked between April – May 2016), a US government services company to steal US military projects (March – May 2016), a US high-tech company to steal data about navigational software (August 2015 – March 2016), a US healthcare organization (March 2016), and a US software company to steal data on navigational projects (December 2012 – March 2016).

“Three years later, we see a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks,” FireEye explains.

“Rather than viewing the Xi-Obama agreement as a watershed moment, we conclude that the agreement was one point amongst dramatic changes that had been taking place for years.”

“We attribute the changes we have observed among China-based groups to factors including President Xi’s military and political initiatives, the widespread exposure of  Chinese cyber operations, and mounting pressure from the U.S. Government,” the security vendor also added.

Recently detected cyber-espionage campaigns linked to Chinese groups

Recently detected cyber-espionage campaigns linked to Chinese groups

Let’s block ads! (Why?)

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲