Since the middle of 2014, cyberattacks by China-based hacking groups against the U.S. government and private sector have declined, according to a June 2016 analysis by the U.S. cybersecurity firm FireEye.
A FireEye team reviewed the activities of 72 hacking groups purportedly operating out of China or supporting Chinese state interests from the beginning of 2013 to June 2016.
“Since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries,” the report notes.
“During that time period we identified 262 network compromises (where a network compromise is defined as successful remote entry into a victim’s network) conducted by 72 suspected China-based groups,” it goes on.
Out of the 262 network compromises, 182 affected U.S. critical information infrastructure, whereas the remaining 80 affected targets in 25 other countries including India, Germany Japan, Singapore, and Tunisia. (FireEye also recorded an attack by Chinese hackers on a privately held Chinese conglomerate.)
According to the FireEye analysis, the September 2015 Sino-U.S. agreement to refrain from conducting or knowingly supporting commercial cyber-espionage has had a small impact on Chinese spying activities and attacks continued—albeit at a lower level.
“Between September 2015 and June 2016, we observed 13 active China-based groups conduct multiple instances of network compromise against corporations in the U.S., Europe, and Japan,” the report states.
U.S. exposure of Chinese state-sponsored cyberattacks appears to have had a vicarious impact in helping Chinese President Xi Jinping push through reforms within the Chinese intelligence and military apparatus.
The May 2014 drop in Chinese cyberattacks coincided with the U.S. Justice Department indictment of five members of the People’s Liberation Army for malicious activities in cyberspace. This helped highlight the purportedly unauthorized use of state resources by PLA members for private gains.
“Under Xi’s leadership, the Chinese military began to implement many long-discussed strategies and concepts for conducting operations in cyberspace. These reforms have sought to centralize and emphasize military and government elements engaged in cyber activity,” FireEye explains.
“Combined with Xi’s anti-corruption campaign cracking down on the illegitimate use of state resources, these reforms have begun materializing in what we believe is a more refined approach to cyber operations.”
Last week (See: “China-US Relations in Cyberspace: A Half-Year Assessment”), I also noted that U.S. actions in 2015 have led Chinese hackers to cover their tracks more carefully, “which paradoxically will help depoliticize cyber issues during bilateral discussions, even when attacks continue.”
The FireEye report also emphasized the diversity of the cyber landscape in China:
The Chinese landscape, frequently characterized as monolithic and rigidly state-directed, is composed of a wide range of groups, including government and military actors, contractors, patriotic hackers, and even criminal elements. Occasionally, aligned interests between two types of groups may drive activity that blurs the lines between direct government sponsorship and independent action.
Despite the ostensibly limited impact of sanctions on Chinese state behavior, according the FireEye, I still argue that the threat of sanctions was important and had an amplifying effect on already existing trends within China. As I noted in my January 2016 predictions of Sino-U.S. relations in cyberspace this year:
The threat of economic sanctions will have significantly higher impact on the senior Chinese leadership in 2016, primarily due to China’s deteriorating economic situation, but also due to the international humiliation the country would suffer from being the first nation subject to economic sanctions for cyberattacks.
The threat of sanctions must have had some impact on Xi Jinping’s decision-making. Whether he used the U.S. threat as a tool to further cement his power within the Chinese intelligence and military community by highlighting the negative consequences of rogue actions, or whether the Chinese leadership was genuinely afraid of the impact of economic sanctions, is of less importance in this regard.