China Expands Cyber Spying

A new industry report says that the Chinese government has expanded
the scope of its cyber espionage despite the greater public scrutiny
these operations received in 2013.

The new report was published by Mandiant, now part of FireEye, the same company that in February 2013 published the much-discussed
APT1 report directly linking a unit of the People’s Liberation Army to a
massive cyber espionage campaign against foreign businesses. APT1 was
the hacking unit the report profiled.

The APT1 report was one of a number of very public exposures of China’s cyber operations in 2013. Others included the New York Times revealing its website had been
repeatedly targeted by China-based hackers (a unit called APT12) after
the newspaper published an article tracing the massive wealth
senior Chinese leaders accumulated while in power. The Mandiant and New York Times reports led the Obama administration to raise the profile of cyber issues in U.S.-China relations, an effort that was partially undercut by the subsequent Edward Snowden leaks. The U.S. Defense Department also began more openly discussing Chinese cyber operations against the U.S. military and defense industrial base.

In its new annual report,
M-trends, Mandiant explains that the “release of the APT1 report in
February 2013 provided a unique opportunity to observe whether
revelations of China’s state-sponsored cyber activity could spur a
diplomatic solution to the problem of nation-state cyber espionage on
behalf of private sector entities.”

It concludes that the exposure has failed to do so thus far. In the
report, Mandiant states that APT1 and APT12 responded to being exposed
in two ways: first, the units delayed restarting operations; second,
“both groups quickly shifted their operational infrastructure to
continue their activities.” 

Notably, Mandiant found that in the case of
APT1, the group had only changed the parts of its infrastructure that
Mandiant had exposed in the report, while keeping the rest of its
infrastructure in place.

More importantly, despite waiting between one and two months to
resume any operations following each of their exposures, and waiting
roughly six months to resume operations at the same tempo as before,
Mandiant’s observations suggest that APT1 and APT12 have neither
ceased nor scaled back their activities. In fact, by mid-summer of last
year, APT12’s activities were well above the baseline averages Mandiant
had observed in 2011 and 2012.

Moreover, Mandiant has observed from its clients that the Chinese
government is actually expanding its industrial cyber espionage
activities. As the report explains, “The Chinese government is expanding
the scope of its cyber operations, and China-based advanced threat
actors are keen to acquire data about how businesses operate — not just
about how they make their products.” In other words, instead of simply
targeting intellectual property, the suspected state-run Chinese hackers
are now trying to steal “information about how these businesses work
and how executives and key figures make decisions.”

Examples of the kind of data the Chinese hackers are now targeting
include: executive emails, business processes, negotiation plans,
budgetary information, organizational charts, meeting minutes, human
resources records, and programs and initiatives. The expansion beyond
stealing just intellectual property comes at a time when the Chinese
government is hoping to make its large state-owned enterprises (SOEs) run
more efficiently, which this type of data would facilitate.

In earlier reports, Mandiant observed that China’s cyber espionage
had expanded from operations primarily targeting the U.S. defense
industrial base to ones targeting a large variety of industries. In the
report, Mandiant includes examples of some of the industries Chinese
cyber spies targeted in 2013. They include everything from energy
companies to media organizations to non-governmental organizations
(NGOs). It is widely believed that the Chinese government passes the data
it steals via cyber espionage to Chinese SOEs to make them more
competitive with foreign companies.

Mandiant’s overall conclusion from its observations in 2013 is that
China is unlikely to yield to foreign pressure on cyber spying. As the
report puts it, “Despite the recent accusations and subsequent
international attention, APT1 and APT12’s reactions indicate a PRC
interest in both obscuring and continuing its data theft. This suggests
the PRC believes the benefits of its cyber espionage campaigns outweigh
the potential costs of an international backlash.”

Written by Zachary Keck
SOURCE: The Diplomat
