Over the last year China-based threat actors have lessened their activity against US organizations, according to new findings from cybersecurity specialists FireEye.
FireEye’s observations are based on 262 intrusions that occurred in 26 countries – including the US, UK, Canada, and Japan – including insights into 72 China-based threat actors. The firm says the shifts in operations are reflective of ongoing military reforms, widespread exposure of Chinese cyber operations, and actions taken by the US government.
However, despite this decline, FireEye predicts that China will almost certainly remain an aggressive cyber espionage actor going forward. Since mid-2015 they have observed at least 13 China-based threat groups target a range of industries in the US, Europe, and Japan.
That’s despite the agreement between President Obama and Chinese President Xi Jinping that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property”, set out back in September 2015.
China-based groups have been particularly synonymous for targeting governments and firms around Asia for the past decade, commonly keen on regional security issues in the South China Sea and political movements in Taiwan and Hong Kong.
"China remains a serious cyber threat to the US and countries around the world,” Nick Rossman, senior strategic threat intelligence manager at FireEye, told Infosecurity.
“China is likely in the process of a multi-year maturation of their cyber program with better organization, communication and execution. We anticipate an evolution in their organization, tools and tactics. As we discuss in the report, some China-based groups are improving their capabilities. In addition, as we cover in the report, 13 of these groups have conducted network compromises in the US, Japan, and Europe since mid-2015, demonstrating that China-based groups remain active,” he added.