Cybersecurity analysts in the United States claim they have sourced a bulk of the China-based cyberattacks against America back to as few as 12 groups backed or directed by the government, according to The Associated Press:
The aggressive but stealthy attacks, which have stolen billions of dollars in intellectual property and data, often carry distinct signatures allowing U.S. officials to link them to certain hacker teams. Analysts say the U.S. often gives the attackers unique names or numbers, and at times can tell where the hackers are and even who they may be.
Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant.
The report references several high profile cases of corporate cyber espionage, which has outpaced attacks focused on the U.S. government in recent years, including an assault earlier this year on Google and the accounts of several hundred Gmail users. A Financial Times investigation recently uncovered a Chinese tech company operating as a front for a People’s Liberation Army cybermilitia, and earlier this month an American intelligence report labeled China as the world’s most prolific perpetrator of economic espionage.
Criticism of China’s cyberattacks has grown increasingly public, with U.S. House Intelligence Committee Chairman Mike Rogers has urged action and readied legislation that would encourage the government to share intelligence information with companies in danger of cyberthreats. The Wall Street Journal reported today that the newly discovered information linking various groups to specific attacks will allow the U.S. to more directly raise the issue with China:
In many cases, the National Security Agency has determined the identities of individuals working in these groups, which is a critical development that provides the U.S. the option of confronting the Chinese government more directly about the activity or responding with a counterattack, according to former officials briefed on the effort.
“It’s actually a small number of groups that do most of the PLA’s dirty work,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently advises the Obama administration. “NSA is pretty confident of their ability to attribute [cyberespionage] to this set of actors.”
…
Still, diplomatic considerations may limit the U.S. interest in taking a more confrontational approach because some U.S. officials are wary of angering China, the largest holder of U.S. debt.