Cyberattacks from China: Less numerous but more effective

FireEye report says instances of cyberattacks from China have declined, but a more focused approach is providing hackers with better results.
Written by Danny Palmer, Senior Writer

China is carefully pinpointing targets of its cyberattacks, warn researchers.

Image: iStock

The number of cyberattacks against the US and other countries coming from China has declined -- but that doesn't mean targeted corporations and governments are off the hook, because despite there being fewer recorded cases of cyber espionage, the instances which take place are now more calculated and focused.

The figures come from cybersecurity researchers at FireEye who've been monitoring the activity of 'China-based groups' and say that since 2014 there's been a "notable decline" in cyberattacks and intrusion activity against the US and other targets. FireEye's data is laid out in new report -- Red Line Drawn: China Recalculates its Use of Cyber Espionage -- and is based upon the activity of 72 groups that are suspected of operating in China or otherwise supporting Chinese state interests.

The changed approach to operations is thought to be because of China's ongoing military reforms, the widespread exposure of Chinese cyber-operations and the actions taken by the US government -- such as threats of sanctions -- in an effort to curb cyber espionage.

In total, there have been 262 compromises linked to China since mid-2014, 182 targeted the networks of US entitles, while 80 infiltrated the systems of targets outside the US -- with Britain, Japan and Canada the most attacked of these.

China has consistently denied hacking other nations, accusing others instead of launching espionage and hacking attacks against it instead.


Chinese instances of cyber espionage are declining -- but attacks are getting better, more-focused results.

Image: FireEye

The number of attacks represents an overall decline, with fewer than 10 attacks occurring a month since the latter stages of 2015. That's a significant drop since the number of successful attacks by Chinese groups was totalled at over 70 a month during portions of 2013 and 2014.

While the frequency of attacks has decreased, Chinese hackers are still compromising corporate networks in the US, Europe, and Japan, as well as targeting government, military, and commercial entities in countries surrounding China, such as Russia and South Korea.

It's these neighbours which find themselves the victims of one particularly type of attack: spear phishing, which is used to compromise networks in the name of espionage in a region which is a hotbed of diplomatic tension.

However, while the report does indeed point an accusing finger at Chinese government involvement, FireEye are keen to point out that when it comes to hacking and espionage, the Chinese landscape doesn't just consist of one operator -- there are many different groups involved, each of which have different objectives.

"The Chinese landscape, frequently characterized as monolithic and rigidly state-directed, is composed of a wide range of groups, including government and military actors, contractors, patriotic hackers, and even criminal element," says the report.

But whoever is carrying out cyber espionage on behalf of China, it's working. Chinese-based hacking groups are becoming less prolific, but more focused -- and therefore able to get better results.

As FireEye point out, Chinese hackers have stolen secretive information about semiconductors and late last year achieved feats such as breaching the defences of a major media company -- stealing user credentials giving them access to the network -- and have also been able to conduct reconnaissance on a US aerospace company.

The threat from Chinese hackers is "less voluminous but more focused, calculated, and still successful in compromising corporate networks", warns FireEye. The company also points out that in the hyper-connected world, China is far from the only state-backed hacking threat.

"We've observed multiple state-backed and other well-resourced groups develop and hone their operations against corporate and government networks. The landscape we confront today is far more complex and diverse, less dominated by Chinese activity, and increasingly populated by a range of other criminal and state actors," the report concludes.

Read more on cyberwarfare

Editorial standards