Chinese commercial cyberespionage has remained relatively stable since last year’s agreement to end the practice, a cybersecurity firm reported on Monday, but has dropped substantially compared to years past.
“We attribute the changes we have observed among China-based groups to factors including … military and political initiatives, the widespread exposure of Chinese cyberoperations and mounting pressure from the U.S. government,” said the report from FireEye, an international firm that defends Fortune 500 companies against state-backed hackers.
The company said that of 72 Chinese groups that have been identified attacking corporations in recent years, just 13 have been active since the agreement was signed. That group has attacked corporate networks in the U.S., Europe and Japan, as well as several of China’s neighbors.
The company said the September agreement between President Obama and Chinese President Xi Jinping was an affirmation of the direction the country was already moving in, rather than an inflection point. “We have not seen evidence of a coordinated shift in the behavior of recently active China-based groups,” FireEye said.
“Tactical changes appear to be specific to each group’s mission and resources, and in response to public exposure of its cyberoperations,” the report added. “Rather than viewing the Xi-Obama agreement as a watershed moment, we conclude that the agreement was one point amongst dramatic changes that had been taking place for years.”
Related Story: http://www.washingtonexaminer.com/article/2594252
Authors concluded in saying that criminal organizations were likely to present the most risk in the future.
“China is not the only actor in transition: We’ve observed multiple state-backed and other well-resourced groups develop and hone their operations against corporate and government networks. The landscape we confront today is far more complex and diverse, less dominated by Chinese activity and increasingly populated by a range of other criminal and state actors.”
Recent events lend credibility to that assessment. Reports last week indicated that malware known as “Dridex,” which is linked to a Russian crime syndicate, was responsible for the February heist of $100 million in funds managed by the U.S. Federal Reserve.
