Even as the Chinese spy balloon floated across the U.S., China-linked hackers were gathering far more information by breaking into computer networks in America and around the world, according to a new report by a leading cybersecurity firm.
CrowdStrike says in its annual global threat report that it observed China-linked cyberespionage groups targeting 39 industries on nearly every continent. About a quarter of the hacking was aimed at North America, while most of it targeted China’s Asian neighbors, the report found. The techniques China used have become increasingly sophisticated as cybersecurity has improved, the report found.
“They’re endemic at this point — they're everywhere,” said Adam Meyers, CrowdStrike’s head of intelligence.
U.S. officials say China, like the U.S., hacks into the networks of its adversaries to gather intelligence. But they say China also hacks private corporations to steal intellectual property, which the U.S. says it does not do.
China consistently denies that, while a top American intelligence official once called Chinese hacking of Western companies “the greatest transfer of wealth in history.”
“Hacking remains the chief Chinese espionage activity,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “Hacking is where they make their money — the balloon doesn’t even register.”
In 2015, President Barack Obama negotiated an “understanding” with the Chinese government that led to a temporary reduction in Chinese hacking of U.S. companies, but it did not last, Lewis and other experts say.
Meyers said he believes Chinese President Xi Jinping signed the agreement because the People’s Liberation Army was reorganizing its cyber forces and he knew Chinese hacking would be temporarily reduced anyway. China denies it hacks to steal trade secrets.
Chinese hacking “has been building back up ever since 2017,” Meyers said.
Chinese hackers have upped their game significantly, he added.
What once were mostly “smash and grab” operations have morphed into sophisticated campaigns to steal credentials and slip quietly into networks.
More than two-thirds of intrusions CrowdStrike documented last year were “malware free,” the report found, meaning attackers entered networks using legitimate credentials, such as passwords. Those credentials are usually obtained by persuading users to click on links or open emails that steal passwords.
FBI Director Christopher Wray told the House Homeland Security Committee in November that China's hacking program is the "world's largest."
"They have stolen more Americans’ personal and business data than every other nation combined," Wray added.
The CrowdStrike report also documented a significant uptick in destructive Russian cyberattacks aimed at Ukraine as the war there has unfolded. But it said there were no significant spillover effects into networks beyond Ukraine.
And the report says cybercriminals, including ransomware gangs, “continue to operate at a phenomenal rate.”