U.S. warnings and public scrutiny of hacks by groups believed to be China-based may have led to an overall decrease in intrusions by these groups against targets in the U.S. and 25 other countries, a security firm said.
From mid-2014, after the U.S. Government took punitive measures against China, including indicting members of the Chinese People’s Liberation Army for computer hacking, economic espionage and other charges, and raised the possibility of sanctions, FireEye has seen a notable decline in successful network compromises by China-based groups in these countries.
“We suspect that this shift in operations reflects the influence of ongoing military reforms, widespread exposure of Chinese cyber operations, and actions taken by the U.S. government,” according to the report released Monday by FireEye’s iSIGHT Intelligence.
The unit reviewed the activity of 72 groups that it suspects to be operating in China or supporting Chinese state interests.
Other security firms have also commented previously on the possible decline of hacks by China-based groups after strong measures by the U.S. But in April, Admiral Michael Rogers, Commander of the U.S. Cyber Command, told a Senate committee that cyber operations from China are still "targeting and exploiting" U.S. government, defense industry, academic and private computer networks."
Starting with measures like the indictment of the five PLA members in May 2014, President Barack Obama authorized in April 2015 the sanctioning of individuals or entities that “engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”
There were reports subsequently suggesting that the U.S. government could also impose sanctions on China for cyberespionage. During a September visit by Chinese President Xi Jinping to the U.S., he and Obama agreed that the two countries will not conduct or support cyber-enabled theft of intellectual property like trade secrets.
The activity by China based groups, measured by active network compromises, has dropped from over 60 intrusions in February 2013 to just a few in May this year, according to FireEye.
The decline in number of attacks does not necessarily suggest a lack of interest from the Chinese groups, but could be a shift in focus from quantity to quality, experts said.
“Through late 2015 and 2016, we saw suspected China-based groups compromise corporations’ networks in the U.S., Europe, and Japan, while also targeting government, military, and commercial entities in the countries surrounding China,” according to FireEye.
Among the targets this year were a U.S. government services company, in an apparent bid to get information on military projects, and four firms with headquarters in the U.S., Europe and Asia that made semiconductors and chemicals used in the manufacture of the devices.