On
Sept. 25, 2015, President Barack Obama and Chinese President Xi
Jinping agreed that neither government would “conduct
or knowingly support cyber-enabled theft of intellectual
property” for an economic advantage. Some observers hailed the
agreement as a game changer for U.S. and Chinese relations, while
skeptics saw this as little more than a diplomatic formality unlikely
to stymie years of state-sponsored
intellectual
property theft. Since the
agreement, there has been much discussion and speculation as to what
impact, if any, it would have on Chinese cyber operations.
To investigate this question, FireEye iSIGHT Intelligence reviewed the activity of 72 groups that we suspect are operating in China or otherwise supporting Chinese state interests. Going back nearly three and a half years to early 2013, our analysis paints a complex picture, leading us to assess that a range of political, economic, and other forces were contributing to a shift in Chinese cyber operations more than a year prior to the Xi-Obama agreement.
Between September 2015 and June 2016, we observed 13 active China-based groups conduct multiple instances of network compromise against corporations in the U.S., Europe, and Japan. During this same timeframe, other China-based groups targeted organizations in Russia and the Asia Pacific region. However, since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries. These shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the U.S. government.
Download the report, Red Line Drawn: China Recalculates Its Use of Cyber Espionage.