China-based hackers have reduced the number and intensity of attacks on the United States and have instead turned their attention on Russia, according to to a recent report. “Hackers from China are always spying on you.” warned a Russian cybersecurity expert.
According to the report released by a cybersecurity company FireEye Inc, since mid-2014 there has been an overall decrease in successful network compromises by China-based groups against organizations in the United States and 25 other countries. These shifts have coincided with increased hacker activities in Russia, Ukraine, the Middle East, and South Korea.
Experts attribute such shift to an agreement acknowledged by American President Barack Obama and Chinese President Xi Jinping that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage on September 25, 2015.
The research conducted by FireEye reviewed the activity of 72 groups that are suspected of operating in China or otherwise support Chinese state interests. Going back nearly three and a half years to early 2013, the team’s analysis provides a glimpse of the shift.
Between September 2015 and June 2016, it is observed that 13 active China-based groups conduct multiple instances of network compromise against corporations in the United States, Europe, and Japan. During this same time frame, other China-based groups targeted organizations in Russia and the Asia Pacific region. However, since mid-2014, there has been an overall decrease in successful network compromises by China-based groups against organizations in the above-mentioned countries.
Some observers remarked that the agreement could be a game changer for Sino-American relations, while others saw it as a mere diplomatic formality unlikely to yield substantial results.
In October 2015, another cybersecurity firm, CrowdStrike, said that it recorded attacks on over seven of its client companies from actors seemingly connected to China-based individuals and institutions in the three weeks after the deal was announced.
U.S. intelligence officials confirmed to the media that there has been a drop-off in Chinese attacks against some American targets, crediting it to the agreement between Obama and Xi. But they remain wary about whether it will keep it.
The California-based firm Symantec, said it too noted some decline in activity from China after October of last year, but said it continued to monitor a “small trickle of continuing activity” that it said could, in part, be due to hackers needing time to shut down their attacks after the agreement between the United States and China.