FireEye research targets cyber espionage operating out of China

21 Jun 16

FireEye's new iSIGHT Intelligence report has delved into the world of cyber espionage in China, reporting that there are 72 groups operating in the country or at least supporting its state interests.

The report, titled "Red Line Drawn: China Recalculates its use of Cyber Espionage", was spurred by a discussion in September 2015 by US President Barack Obama and Chinese President Xi Jinping, in which they agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for unfair economic advantage. FireEye says that since that discussion, there has been a lot of speculation about what effects it would have on Chinese cyber operations.

FireEye iSIGHT Intelligence investigated this question by tracking the activity of 72 groups that are either operating in China or support its state interests. The report analysed the range of political, economic and other forces from as far back as 2013, and the company says China's cyber operations were shifting long before Obama and Jinping's agreement.

The report found that 13 active China-based groups carried out network compromises against organisations in the United States, Europe and Japan between September 2015 and June 2016. At the same time, other China-based groups were attacking organisations in Russia and the Asia-Pacific region.

The 262 compromises affected other regions such as Australia, Italy, Switzerland, France, Tunisia and Israel.

While this seems worrying, the report says that there has been an overall decrease in successful network compromises by China-based attackers. This may be due to Chinese political and military reforms, exposure of the cyber activity happening in China, and US Government intervention.

"Yet China is not the only actor in transition: we’ve observed multiple state-backed and other well-resourced groups develop and hone their operations against corporate and government networks. The landscape we confront today is far more complex and diverse, less dominated by Chinese activity, and increasingly populated by a range of other criminal and state actors," the report concludes.
