“China is one of the most prolific actors in the economic espionage space, having invested in cyber espionage in a way that is unprecedented in other countries,” says Eric O’Neill, Carbon Black’s national security strategist and a former FBI operative best known for his role in the capture of Soviet spy Robert Hanssen.
Beyond the typical theft of military and government secrets, China has engaged in theft of trade secrets and IP from businesses across the United States. “This provides them the economic advantage of refining technology that has already moved through the R&D gauntlet into direct production and then copying using a cheaper industrial base,” says Mr O’Neill.
That said, according to FireEye’s Laura Galante, China has slowed its espionage activity more recently. “Since mid-2014 we have observed an overall decrease in successful network compromises by China-based groups against organisations in the US and 25 other countries,” she says. “These shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the US government.”
The late-2015 US-China agreement, stating that neither government would support or conduct cyber-enabled theft of intellectual property against the other, might be more successful than many thought it could be. However, any speculation that China has scaled back or even disbanded its cyber-attack capabilities is misplaced, according to Ed Wallace. The director of incident response at MWR Infosecurity reckons the reality is that “due to a substantial shake-up in its military structure, a large proportion of its US-focused cyber-attack activities were paused for a short amount of time”.
That time is now up and with the reorganisation bedding down the attacks have started to pick up pace again. They are, Mr Wallace insists, likely to be “both harder to detect and harder to defend against”.
That reorganisation of China’s military strategy has resulted in a new Central Military Commission, under which sits its new command unit, the People’s Liberation Army Strategic Support Force (PLASSF). Headed by the hugely experienced Lieutenant-General Gao Jin, the PLASSF will consist of around 250,000 to 300,000 staff and contain the bulk of the country’s cyber operations. It will also now run 24 hours a day, as opposed to Chinese business hours as was the case previously.
“The creation of the PLASSF, dedicated human intelligence units and SpecOps teams are all bad news for China’s targets,” Mr Wallace concludes. “Far from being left behind, China has significantly upped its game, throwing down the gauntlet for other threat actors.”
