Eight years since the Obama-Xi agreement, Chinese hacking is worse than ever


SAN FRANCISCO — Eight years ago, the United States and China reached a historic agreement that was designed, in part, to end a persistent deluge of cyberattacks targeting American businesses to steal their corporate secrets and intellectual property.

At the time, then-President Barack Obama lauded the agreement in a joint press conference with Chinese President Xi Jinping, saying it marked a “common understanding” between the two nations “that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”

Eight years later, that sentiment has aged like warmed-over milk.

Chinese hackers did not stop targeting American businesses; according to security experts at Google, they have instead become significantly more aggressive and innovative in the years since.

“I’ll tell you investigating intrusions that are orchestrated by China threat actors today are very different than investigating intrusions from … before the Obama/Xi treaty agreement in 2015,” said Charles Carmakal, chief technology officer at Google Mandiant, at an April 24 briefing held during the RSA 2023 Conference in San Francisco.

Prior to the agreement, hackers associated with China were broad and unfocused in the businesses they hit. Today, a range of threat groups operating in China or working directly on behalf of Beijing target high-value organizations and specific industries with laser-like precision, including defense contractors, telecommunications firms, government agencies and technology companies. Many of those organizations manage, own or operate chunks of IT infrastructure on behalf of hundreds, thousands or millions of clients, meaning a single compromise can offer a pathway to downstream customers, the way the 2021 Microsoft Exchange attacks attributed to Chinese hackers did.

Chinese threat groups’ strategies and tactics change since 2015 agreement

These groups have also altered their strategies and tactics to increasingly target edge devices such as virtual private network (VPN) appliances and other remote access solutions, firewalls and hypervisors.
