Chinese Cyberespionage On The Decline, According To Experts

Today, in genuinely rare reporting, some good news on the cybersecurity front.

According to recent reports from FireEye, the U.S. network security company most associated with fending off Chinese hack attacks, it seems the Chinese are making good on their September pledge to knock off state support for the hacking of American trade secrets. FireEye’s most recent release indicates that breaches attributed to China-based groups have fallen off by 90 percent in the last two years, with the biggest single decrease coinciding with last summer’s negotiations of the bilateral agreement.

Victims of Chinese cyberespionage include a veritable who’s who list of major American industrial players, such as U.S. Steel, Alcoa Inc. and Westinghouse Electric. FireEye’s new CEO, Kevin Mandia, noted that a fair amount of carrot-and-stick went into the negotiation of the bilateral deal, including the significant stick that the United States could impose sanctions on Chinese officials and companies.

“They all contributed to a positive result,” Mandia said.

The government is not yet ready to certify that its Chinese counterparts are fully in compliance with the agreement signed almost a year ago but did note that the latest report from FireEye would be part of the overall monitoring effort.

“We are still doing an assessment,” an Obama administration official told Reuters, speaking on the condition he not be named.

Said unnamed official further noted that a second round of talks with China on the more minute details of the agreement had just concluded and that the negotiations had gone favorably.

“We’ve expressed our principled position on many occasions,” said China Foreign Ministry spokeswoman Hua Chunying. “We oppose and crack down on commercial cyberespionage activities in all forms.”

The Foreign Ministry is the only government department that routinely discusses cyberespionage issues with the public.

FireEye did not report that espionage activity from China had ceased entirely. At least two backdoor installation hacks have been found and tied to China in 2016 already, though neither of those hacks seems to have resulted in an actual data breach. Also, both hacked firms are government contractors, so it is possible that both intrusions were actually aimed at information gathering on the government or military.

While the U.S. government condones neither type of spying (and the Chinese government maintains that it would never condone that type of spying), the bilateral agreements refer only to industrial spying and the theft of trade secrets. That is a long way of saying that, under the agreements, military or governmental spying is fair game.

And in that vein, it is worth noting that FireEye further reports that government-backed Chinese hackers are not lacking for things to do these days. While corporate cyberespionage in the U.S. has been on the decline, efforts at spying on political and military targets in other countries and regions have been booming. Russia, the Middle East, Japan and South Korea have all been particularly popular targets.

That report corresponds with reports from CrowdStrike (a different security firm), which has seen Chinese state-supported hackers working mainly outside the U.S. for the last year.

FireEye and CrowdStrike were both fairly certain that the attacks are being carried out either directly by the Chinese government or through various corporate intermediaries.