China cyber spies fewer but more focused, says study
The number of Chinese espionage groups has declined in recent years, but several dozen remain active in what appears to be an orchestrated campaign focusing on the US and other key targets, says a report by Mandiant.
Just 36 espionage groups backed by China were detected last year, out of 244 observed by Mandiant since 2016 – but 15% of their attacks are being directed at US organizations.
“We also noted multiple Chinese cyber espionage actor sets use the same malware families, suggesting the possibility of a grand quartermaster developer,” said Mandiant. What it described as “the overlapping use of publicly available tools” allows Chinese spy programs to benefit from reduced costs and more effective deployment, as well as making such surveillance efforts harder to detect.
“The overlap of custom tools may reflect resource-sharing across groups, or a centralized development and distribution center led by a shared development and logistics infrastructure,” added the report.
Just over a sixth of the active spy cells noted by Mandiant focused their attacks on public institutions, a trend it said had prevailed since 2018. “However, we observed a decrease in the overall number of Chinese cyber espionage actors focusing on government entities from 2019 to 2021,” it added.
Some of the key advanced persistent threat (APT) actors noted by Mandiant included APT10, resurgent in 2020 after the indictment of two alleged members by the Department of Justice in 2018, and Conference Crew, which targeted US military and aerospace installations between 2011 and 2017 before shifting focus to attack educational and other facilities in South-east Asia last year.
Charles Carmakal, Mandiant’s chief technology officer, said he expected China’s cyber espionage activities to rise again, though he did not specify whether the number of active groups would reach the levels seen between 2016 and 2021.
“Chinese cyber espionage activity ramped up significantly in recent years, with Asia and the US remaining the most targeted regions,” he said. “Further, with the implementation of China’s 14th Five-Year Plan in 2021, we expect to see cyber espionage activity continue to accelerate in support of China’s national security and economic interests over the next few years.”