Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe and Asia, security researchers said Wednesday, in findings that shed new light on Beijing’s alleged use of hacking to buttress its powerhouse economy.
The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sectors, according to Boston-based security firm Cybereason. The firm discovered the activity last year but said the hacking campaign dates to at least 2019, and it suggested that reams of data could have been stolen in the interim.
The research is an unsettling reminder of the scope of the cyber threats facing US businesses and government agencies as the Biden administration attempts to thwart them. For all of the attention on potential Russian hacking due to the war in Ukraine, China’s digital operatives have been very active.
“It’s clearly industrial espionage, IP [intellectual property] theft at the highest level,” Assaf Dahan, Cybereason’s research lead, told CNN.
Asked to respond to the Cybereason report, Liu Pengyu, a spokesperson at the Chinese Embassy in Washington, claimed that China “will never encourage, support or condone cyber attacks.”
“China opposes groundless speculation and accusations on the issue of hacker attacks,” Liu added. “If the firm really care [sic] about global cyber security, they should pay more attention to the cyber attacks by the US government-sponsored hackers on China and other countries.”
Cybersecurity researchers, and US officials, have for years accused Chinese spy and military agencies of hacking and stealing trade secrets.
China “has a massive, sophisticated cyber theft program,” FBI Deputy Director Paul Abbate alleged in a speech last week to the American Hospital Association, “and it conducts more cyber intrusions than all other nations in the world combined.”
The FBI declined to comment on the Cybereason report.
US officials and cyber-intelligence analysts point to China’s “Made in 2025” plan – an ambitious state plan for achieving economic dominance – as a rubric for the types of companies whose data Chinese hackers have targeted.
The plan, released in 2015, calls for advancements in manufacturing in the aerospace and biomedical fields, among several others. The Justice Department has in the years since unsealed indictments accusing Chinese hackers of targeting those very sectors.
Chinese President Xi Jinping and then-US President Barack Obama in 2015 agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property.”
Some analysts noticed a temporary dip in Chinese hacking activity shortly after the agreement. But Adam Meyers, senior vice president of intelligence at the cybersecurity firm CrowdStrike, suspects that any lull in Chinese economic espionage at the time may have been due to Xi’s restructuring of the People’s Liberation Army.
“At that period of time, in 2016, we started to see a major shift in Chinese intrusion operations to groups that are now associated with the Ministry of State Security,” Meyers told CNN, referring to China’s civilian intelligence agency.
China’s global cyber-espionage campaigns have increasingly targeted big repositories of valuable data such as telecom and internet service providers, rather than single organizations, Meyers said.
“I think that they’ve really upped their game in terms of going after broader infrastructure, so it’s more difficult to really pinpoint that they were doing economic espionage,” Meyers said.
In the hacking that Cybereason investigated, executives at the firm said they had first noticed the activity when the attackers breached an Asian subsidiary of a large manufacturing and technology firm.
But it would take months to successfully kick the hackers out of the network, showing how intent they were on their mission, according to Cybereason.