Threat Intelligence, Incident Response, TDR

U.S. authorities identify Chinese companies that benefited from military cybertheft

U.S. authorities have concluded that three state-owned Chinese companies benefited from intellectual property stolen from U.S. companies as part of a corporate cyberespionage campaign conducted by the Chinese military, according to the Financial Times.

In 2014, the U.S. Department of Justice indicted five Chinese military officers -- Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui -- for engaging in economic espionage against American nuclear power, metals, and solar products companies. According to FT, sources familiar with the 2014 episode said Chinese companies Chinalco, Baosteel, and SNPTC benefited directly from stolen intellectual property. The three state-owned companies are China's biggest producer of the lightweight metal, an iron and steel company, and a nuclear power company, respectively.

The U.S. Department of Justice alleged that the officers, believed to be part of the Chinese People's Liberation Army (PLA) Unit 61398, engaged in economic espionage against American nuclear power, metals, and solar products companies. The officers' cyberespionage campaign spanned from from 2006 to 2014, according to the Justice Department.

The conclusion that the three Chinese companies benefited from the group's cyberespionage efforts follows last month's agreement between the U.S. and China in which the two nations agreed not to conduct cybertheft of intellectual property for commercial gain.

Tripwire Senior Security Analyst Ken Westin told SCMagazine.com that attribution is difficult in cybertheft cases and called the decision to name these companies "a smart strategic move" by U.S. authorities.

Calling out the three companies could signal a warning aimed at Beijing to take the prosecution of corporate cyberespionage cases more seriously and uphold its end of the cybertreaty that, according to a White House press release, called for cooperation "with requests to investigate cybercrimes, collect electronic evidence, and mitigate malicious cyber activity emanating from their territory."

The cybertreaty was seen by the security industry as the first step toward a larger goal for both countries. If China does not take action toward the prosecution of these companies, the U.S. will likely impose sanctions against the companies. In April, President Obama signed an executive order to impose sanctions on individuals and companies overseas who engage in cybertheft.

Westin said the U.S. should be cautious in sharing evidence with China of the companies' use of the stolen information. "The U.S. may need to expose some of our espionage capabilities," he said. “A better use of resources would be to assist companies in sharing best practices and providing information about how U.S. companies can protect themselves from Chinese cybertheft,” Westin said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.