China's economic cyber-espionage drops dramatically, sharpens focus

News by Max Metzger

FireEye's new report assesses the fluctuations in Chinese cyber-activity since Barack Obama and Xi Jinping's momentous talks on intellectual property theft last year.

A new report from FireEye assesses the outcomes of the Obama-Xi Jinping talks on Chinese cyber-activity. Entitled Red Line Drawn: China Recalculates Its Use of Cyber Espionage, the report details the refining of cyber-activity out of China.

Chief among the report's conclusions is that Chinese cyber operations have become more selective about their targets, ramping back the scattershot approach and focusing in more precisely on key targets. 

China is already well known for its market in counterfeits and fakes but Chinese cyber-criminals and state proxies have made a name for themselves over the years by stealing designs in one country to reproduce them on an industrial level in China.

Peculiar to this brand of cyber-activity and espionage was that it was not geared towards a direct geopolitical objective but rather an economic one. In 2014, the US government responded by laying indictments at the door of the People's Liberation Army for economic cyber-espionage. Tensions over this matter simmers, with China making nods towards such action harming the relationship between the two superpowers.

At the time, US attorney general Eric Holder remarked, “This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.”

It was only in September last year that US President Barack Obama and Chinese Premier Xi Jinping met to discuss the pressing issue of cyber-security and, importantly, intellectual property. The two premiers agreed that neither would “conduct or knowingly support cyber-enabled theft of intellectual property”.

Since then, iSIGHT researchers have observed 13 China based groups looking to, and succeeding in, compromising corporate networks around the world.

Chief among the report's conclusion is that while activity of this nature has dropped, it has also focused itself, becoming keener and more focused.

However, the report concludes this considerable drop did not happen explicitly because of the landmark agreements but had rather started several years before.

Researchers had witnessed a massive drop in network compromises since 2013 from 72 group suspected to be of Chinese origin. In fact, between 2013 and the beginning of 2016, monthly attacks dropped from over 60 to fewer than five. The major decline began in mid 2014, over a year before the talks between the US and China.

The report suspects that Xi's centralising military reforms enacted while in office limited the state's ability to act in the cyber-realm. As one FireEye spokesperson put it to, “Military and domestic reforms in China that centralised President Xi's control of cyber operations and regional security concerns”, coupled with the public exposure of China's cyber activities effectively mitigated the country's capability before it ever came to talks.

But, as the report says, China's cyber-activity, while decreasing in quantity, has increased in quality. 

A spokesperson for FireEye told SC that Chinese groups are going after more specific targets: “If you review the list of ongoing activity since mid-2015, China-based threat groups seem especially interested in dual-use technologies – systems and software that could have a military or civilian use – and high-tech insights that would allow the Chinese economy to 'move up the value chain' from a manufacturing- to consumer-based economy.” 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews