More evidence of Chinese government hacking as Obama, Xi discuss cybersecurity

President Barack Obama and Chinese President Xi Jinping met for a private dinner at the White House Thursday evening amid ongoing tensions between the U.S. and China over the two nations' competing cybersecurity agendas.

Raising the anxiety level further, Xi's visit coincided with a new report pinning cyberattacks on U.S. interests squarely on the Chinese government, and Xi this week wholeheartedly denied involvement by his government in any hacking schemes.

On Wednesday, the cybersecurity firm ThreatConnect, in partnership with Defense Group Inc., published a report linking a Chinese military staffer to an expansive government hacking operation in which government cyberspying relies on a wide network of hackers who are loosely connected through a bottom-up management approach.

In speaking to a group of U.S. and Chinese business leaders in Seattle on Tuesday, President Xi said China is a “staunch defender of cybersecurity.” He also asserted, “The Chinese government will not, in whatever form, engage in commercial thefts or encourage or support such attempts by anyone.”

These claims, while consistent with earlier statements made by the Chinese president, were met with skepticism within the information security community and among business leaders.

The ThreatConnect-DGI report is hardly the first time that direct evidence has been found linking hacking campaigns to Chinese military groups. In June, CrowdStrike published a report noting evidence of clusters of Chinese hacking groups that are linked to members of Unit 61398 of the People's Liberation Army.

CrowdStrike co-founder George Kurtz said it is “irrefutable” that China is actively involved in hacking and corporate espionage to further its national interests. Kurtz said, “With a high degree of certainty, we were able to find connections that link the malware, domains, and IP addresses back to the PLA with a high degree of certainty.”

Fred Cate, a senior fellow at the Indiana University Maurer School of Law's Center for Applied Cybersecurity Research, said, “There is a lot of evidence, although circumstantial, that during the lunch hour in China the attacks slow down, and after lunch they pick up again.”

The White House responded to the trend of Chinese hacks by starting to prepare a list of sanctions against Chinese companies that are believed to have benefited from commercial cyber theft against private companies, according to The Wall Street Journal.

The ThreatConnect-DGI report reflects poorly on President Xi's claim on Tuesday, when speaking to a group of U.S. and Chinese business leaders, that China is a “staunch defender of cybersecurity.” Xi told the group, “The Chinese government will not, in whatever form, engage in commercial thefts or encourage or support such attempts by anyone.”

Cate said of the ThreatConnect-DGI report, “You could say this report is bad timing for Xi, but at the same time while he has just dismissed outright all of the other evidence that they are involved in hacking, he's likely going to just dismiss this as well.”

Richard Bejtlich, a senior fellow at the Center for 21st Century Security and Intelligence, part of the Foreign Policy program at the Brookings Center, and chief security strategist at cybersecurity firm FireEye, said he expects the initial agreement between the U.S. and China would only involve a restatement of language that was agreed to by the United Nations' Center for Strategic and International Studies in June. "The U.S. is in a tough situation because we try to create something called 'norms,'" said Bejtlich, "but how do we respond when 90 percent of the rest of the world doesn't adhere to those norms?"
