China increases attacks against US companies as trade war looms

After a lull of a few years, China has resumed cyberintrusions against a swath of U.S. companies in an effort to steal intellectual property and help Chinese firms surpass their global competitors.

In recent months, security researchers have seen Chinese state hackers linked to the People’s Liberation Army and the Ministry of State Security target companies in the fields of robotics, artificial intelligence, cloud computing and high-end medical device manufacturing. This development comes after former U.S. President Barack Obama and Chinese President Xi Jinping agreed in 2015 to end cyberespionage campaigns between the two countries.

With China resuming its hacking operations against U.S. businesses, Ross Rustici, Cybereason’s Senior Director for Intelligence Services, said that what matters is how the country is carrying out its campaigns. Instead of using sophisticated techniques that could allow them to evade detection, Chinese hackers are using old tools and getting caught, he said.

This move is intentional and is an attempt by China to express displeasure over a potential trade war with the U.S., Rustici said, adding that “subtle signals is how nations communicate in cyberspace.”

“China’s methods demonstrate that either the U.S. can cooperate and negotiate trade, or it can impose tariffs and cut legitimate intellectual property transfer and instead be pillaged. The message is essentially, ‘We will get your data no matter what. Do you want to make money off of it or not?’” he said.

In April, Rustici raised the possibility that the Trump administration’s blustery talk of imposing tariffs on Chinese goods could prompt the country to resume cyberespionage campaigns against U.S. enterprises. And while many reasons could be behind the recent uptick in Chinese hacking activity, a potential trade war is a very likely catalyst. China could reach the conclusion that the U.S. is no longer operating within the realm of traditional trade standards and agreements.

“China could determine that between the tariffs, the affront and market effects of the U.S. reneging on its pledge at the WTO to recognize China as a market economy and the general hostile stance the administration is taking on all things trade, the system is no longer advantageous to them. In that scenario, the easiest and most effective card for them to play is to unleash that latent cybercapacity on the U.S. private sector,” Rustici wrote at the time.

“Our current cyberdetente is exceedingly fragile and is only maintained because it is in the interest of both parties to do so. There are no enforcement mechanisms that ensure any level of compliance or penalize a change in behavior. A trade war will change that fundamental calculus. The structural factors underpinning the cyberrisk from Chinese actors against the private sector are going to rapidly change as tariffs and rhetoric increase or subside,” he concluded.

The Chinese cyberrisk faced by U.S. enterprises is still tied to the status of trade talks between the two countries, Rustici said. More talk of U.S. sanctions on Chinese goods will lead to more attacks, while a trade deal will see the operations subside.

As for the state of the cyberdetente between the U.S. and China, China’s attacks may not mean that the deal is scuttled. “Whether it is a return to form or a limited signal is the open question,” he said.

The U.S. tariffs may have prompted China to resume cyberespionage. If bilateral talks lead to a successful deal, China could likely return to honoring the 2015 agreement. But not resolving the trade dispute (the Trump administration has threatened to impose $50 billion of tariffs on products made in China to reduce the U.S.' $375 billion trade deficit with the country) means more intrusions are likely. But given the impasse between the U.S. and China on trade, U.S. companies shouldn’t expect Chinese hackers to let up any time soon. 

Fred O'Connor
About the Author

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.