“It’s clearly industrial espionage, IP [intellectual property] theft at the highest level,” Assaf Dahan, Cybereason’s research lead, told CNN.
Asked to respond to the Cybereason report, Liu Pengyu, a spokesperson at the Chinese Embassy in Washington, claimed that China “will never encourage, support or condone cyber attacks.”
“China opposes groundless speculation and accusations on the issue of hacker attacks,” Liu added. “If the firm really care [sic] about global cyber security, they should pay more attention to the cyber attacks by the US government-sponsored hackers on China and other countries.”
Cybersecurity researchers and US officials have for years accused Chinese spy and military agencies of hacking and stealing trade secrets.
China “has a massive, sophisticated cyber theft program,” FBI Deputy Director Paul Abbate alleged in a speech last week to the American Hospital Association, “and it conducts more cyber intrusions than all other nations in the world combined.”
The FBI declined to comment on the Cybereason report.
US officials and cyber-intelligence analysts point to China’s “Made in 2025” plan — an ambitious state plan for achieving economic dominance — as a rubric for the types of companies whose data Chinese hackers have targeted.
Some analysts noticed a temporary dip in Chinese hacking activity shortly after the agreement. But Adam Meyers, senior vice president of intelligence at the cybersecurity firm CrowdStrike, suspects that any lull in Chinese economic espionage at the time may have been due to Xi’s restructuring of the People’s Liberation Army.
“At that period of time, in 2016, we started to see a major shift in Chinese intrusion operations to groups that are now associated with the Ministry of State Security,” Meyers told CNN, referring to China’s civilian intelligence agency.
China’s global cyber-espionage campaigns have increasingly targeted big repositories of valuable data such as telecom and internet service providers, rather than single organizations, Meyers said.
“I think that they’ve really upped their game in terms of going after broader infrastructure, so it’s more difficult to really pinpoint that they were doing economic espionage,” Meyers said.
In the hacking that Cybereason investigated, executives at the firm said they had first noticed the activity when the attackers breached an Asian subsidiary of a large manufacturing and technology firm.
But it would take months to successfully kick the hackers out of the network, showing how intent they were on their mission, according to Cybereason.