The Intelligence Community and private sector security experts continue to identify ongoing Chinese cyber activity, although at lower volumes than existed before the bilateral September 2015 U.S.-China cyber commitments. Most Chinese cyber operations against U.S. private industry that have been detected are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide. Examples of identified ongoing Chinese cyber activity include the following:
- According to several cyber intelligence companies, in 2017 the China-associated cyber espionage group APT10 continued widespread operations to target engineering, telecommunications, and aerospace industries. APT10 targeted companies across the globe, including the United States, using its exploitation of managed IT service providers as a means to conduct such operations.
- Cybersecurity researchers have found links between Chinese cyber actors and a back door in the popular CCleaner application that allowed the actors to target U.S. companies, including Google, Microsoft, Intel, and VMware.
- In November 2017, PricewaterhouseCoopers (PWC) reported that the China-based APT, known as KeyBoy, was shifting its focus to target Western organizations. According to PWC, the targeting likely was for corporate espionage purposes. KeyBoy previously focused on Asian targets, according to commercial cybersecurity reporting.
- According to FireEye, in 2017 TEMP.Periscope continued targeting the maritime industry as well as engineering-focused entities including research institutes, academic organizations, and private firms in the United States. FireEye has detected sharp increases in targeting in early 2018 as well.
We believe that China will continue to be a threat to U.S. proprietary technology and intellectual property through cyber-enabled means or other methods. If this threat is not addressed, it could erode America’s long-term competitive economic advantage.
