It may seem like the number of hacking attempts increases every year, but the number of attacks originating from within the borders of at least one country have declined in the past year, according to a new study by network security firm FireEye.
In its “Red Line Drawn: China Recalculates Its Use of Cyber Espionage,” report, FireEye said that the number of hacks coming from the Chinese has fallen dramatically in the last year. But while the overall number of Chinese attacks may be declining, FireEye reported that Chinese hackers may be achieving better results.
Overall Decrease in Network Compromises
“Since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries,” FireEye said in its report.
The study was based on a review of 72 separate groups that are either operating within Chinese borders or supporting Chinese state interests, according to FireEye. The company said that between September 2015 and June 2016, it observed 13 active China-based groups conduct multiple instances of network compromise against corporations in the U.S., Europe, and Japan.
As for the causes behind the decline in the number of attacks, FireEye cited a shift in operations caused by ongoing military reforms, widespread exposure of Chinese cyber operations, and actions taken by the U.S. government.
In part, the decline in Chinese cyberattacks is likely due to changes that have been made since Chinese President Xi Jinping came to power in 2012. Xi has made major moves to centralize control of the military while also restructuring the institution itself. He has also cracked down on individuals using state resources for their own benefit.
Too Much Publicity
Widespread public awareness of the attacks, which has increased dramatically in recent years, has also helped contribute to its decline, FireEye said. This may be particularly true in the case of Unit 61398, a group within China’s People’s Liberation Army (PLA) that has been profiled by the likes of the New York Times for its role in stealing intellectual property from U.S. corporations.
That sort of publicity, combined with public accusations by the Pentagon, has provided the U.S. government with the diplomatic capital needed to pressure the country into reforming its image as the Internet’s biggest villain.
In addition to applying diplomatic pressure, the U.S. has also taken concrete punitive steps against Chinese hackers such as indicting members of the PLA and raising the possibility of employing economic sanctions against the country.
Since 2014, the number of network intrusions conducted by the 72 Chinese groups FireEye observed fell from a high of more than 70 attacks per month to less than 10 per month, resulting in a total of 262 total compromises since 2013, with 182 of them occurring in the U.S.
Nevertheless, Chinese hacker groups continue to attack targets in the U.S., Europe, Japan, and a number of other Asian countries. And while the number of attacks has declined, those that continue have become more focused and calculating, according to FireEye.