Chinese malware is active in the systems of U.S. companies, according to a cybersecurity firm, but it isn’t clear whether that malware is actively stealing intellectual property.
“We’re seeing activity from a wide range of advanced persistent threat groups,” Laura Galante, director of threat intelligence for cybersecurity firm FireEye, told the Washington Examiner. “But the difference between qualifying whether that’s economic espionage or just malware actively communicating with victims is two very different things.”
China committed not to engage in state-sponsored commercial espionage as part of a Sept. 25 agreement with the United States. However, some officials have expressed skepticism that China would uphold its end of the agreement.
“Are we seeing a breach of the agreement? It’s way too early to tell. It took us months, and it will take everyone months to figure out the broader pieces of activity that are happening,” Galante added. “In all reality, it’s dependent on a combination of visibility and volume of activity that we see. So give it at least another four to five months before we have any handle on what we’re seeing.”
FireEye is the second security firm to report such activity. In an Oct. 19 blog post, CrowdStrike said it had identified at least seven intrusions by Chinese hacker groups after the agreement that appeared to have no purpose other than the theft of commercial secrets.
At the behest of the U.S. in the wake of the agreement, China arrested several hackers connected with previous intrusions. Officials have said that the hacking benefited at least three major, state-owned Chinese companies.
However, experts say that analyzing intrusions of American companies in the moment is challenging in at least two respects. One is in determining whether commercial secrets are being actively stolen as the result of a breach, which is difficult to assess until American products are seen being made by Chinese companies. The second is in ascertaining where private enterprise ends and the government begins in a country where most major companies are state-owned.
“We have separation of powers here and bifurcation between the U.S. government, our private sector, and our criminal elements. They’re pretty spread apart, and they don’t integrate very much,” William Evanina, the U.S. director of national counterintelligence, told theExaminer.
“I think any business entity in China would have a hard time saying that they are not state-sponsored. So the idea of having a [commercial] hacker in China not coordinating their activities or being facilitated by the government of China is probably a stretch,” Evanina added.
Galante said she perceives some dispersion to the threats emanating out of China, and suggests that there is more chaos in the hierarchy than some realize.
“We give a lot of credit to China for being able to have a very structured approach to everything that they’re doing, and certainly that is one of the advantages of a one-party system. But I think a reality in terms of tasking cyberthreat groups is that there’s more of an entrepreneurial environment that’s being cast right now,” Galante said, with criminal elements saying, “if we were to get this type of information, this would be particularly useful, or maybe I’ll try to get this information and see who I can sell it to.”
“It’s sort of anyone’s guess where information is ending up,” she said.