China cyber incursions drop, but more focused, report
While incursions have dropped, Chinese groups are going after more specific targets.
A new report from FireEye assesses the outcomes of a September 2015 agreement between President Obama and Chinese President Xi Jinping pledging that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property.”
The study, "Redline drawn: China recalculates its use of cyber espionage," examined nearly three-and-a-half years of cyber activity of 72 groups suspected of either being based in China or working for China state interests.
The study found a significant drop in the success rate of network incursions by China-based groups targeting enterprises in the U.S. and 25 other countries. FireEye attributes the decrease to evolving policies in China's political and military entities, increased public attention to its cyber activity, and moves by the U.S. government, including indicting members of the People's Liberation Army and threatening sanctions.
Researchers witnessed a massive drop in network compromises since 2013 from 72 group suspected to be of Chinese origin. In fact, between 2013 and the beginning of 2016, monthly attacks dropped from over 60 to less than five.
In particular, the study credits Xi Jinping for reforms that consolidated government and military elements conducting cyber operations and a redistribution of state resources to combat criminal and unauthorized use of cyber operations.
However, among the report's conclusion is that while activity has tailed off, it has also focused itself, becoming keener. iSIGHT researchers observed 13 China-based groups succeeding in compromising corporate networks around the world. And cyberespionage activity continues as well, with suspected China-based groups spear phishing governments and commercial organizations in neighboring countries several times in 2015 and 2016.
A spokesperson for FireEye told SCMagazineUK.com that Chinese groups are going after more specific targets: “If you review the list of ongoing activity since mid-2015, China-based threat groups seem especially interested in dual-use technologies – systems and software that could have a military or civilian use – and high-tech insights that would allow the Chinese economy to “move up the value chain” from a manufacturing- to consumer-based economy.”
With additional reporting by Max Metzger, SC Magazine UK.