Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say

The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sectors, according to Boston-based security firm Cybereason. The firm discovered the activity last year but said the hacking campaign dates to at least 2019, and it suggested that reams of data could have been stolen in the interim.

The research is an unsettling reminder of the scope of the cyber threats facing US businesses and government agencies as the Biden administration attempts to thwart them. For all of the attention on potential Russian hacking due to the war in Ukraine, China’s digital operatives have been very active.

“China opposes groundless speculation and accusations on the issue of hacker attacks,” Liu added. “If the firm really care [sic] about global cyber security, they should pay more attention to the cyber attacks by the US government-sponsored hackers on China and other countries.”

Cybersecurity researchers, and US officials, have for years accused Chinese spy and military agencies of hacking and stealing trade secrets.

China “has a massive, sophisticated cyber theft program,” FBI Deputy Director Paul Abbate alleged in a speech last week to the American Hospital Association, “and it conducts more cyber intrusions than all other nations in the world combined.”

The FBI declined to comment on the Cybereason report.

US officials and cyber-intelligence analysts point to China’s “Made in 2025” plan — an ambitious state plan for achieving economic dominance — as a rubric for the types of companies whose data Chinese hackers have targeted.

Some analysts noticed a temporary dip in Chinese hacking activity shortly after the agreement. But Adam Meyers, senior vice president of intelligence at the cybersecurity firm CrowdStrike, suspects that any lull in Chinese economic espionage at the time may have been due to Xi’s restructuring of the People’s Liberation Army.

“At that period of time, in 2016, we started to see a major shift in Chinese intrusion operations to groups that are now associated with the Ministry of State Security,” Meyers told CNN, referring to China’s civilian intelligence agency.

China’s global cyber-espionage campaigns have increasingly targeted big repositories of valuable data such as telecom and internet service providers, rather than single organizations, Meyers said.

“I think that they’ve really upped their game in terms of going after broader infrastructure, so it’s more difficult to really pinpoint that they were doing economic espionage,” Meyers said.

In the hacking that Cybereason investigated, executives at the firm said they had first noticed the activity when the attackers breached an Asian subsidiary of a large manufacturing and technology firm.

But it would take months to successfully kick the hackers out of the network, showing how intent they were on their mission, according to Cybereason.