Foreign spies from China, Russia, and Iran are conducting aggressive cyber operations to steal valuable U.S. technology and economic secrets, according to a U.S. counterintelligence report.
The report by the National Counterintelligence and Security Center, a DNI counterspy unit, concludes China is among the most aggressive states engaged in stealing U.S. proprietary information as part of a government-directed program.
Artificial intelligence and the internet of things are giving adversaries new tools for cyber spying, the report said.
Key technologies under cyber attack from foreign economic spies are related to the energy, biotechnology, defense, environmental protection, high-end manufacturing, and information and communications industries.
“China’s cyberspace operations are part of a complex, multipronged technology development strategy that uses licit and illicit methods to achieve its goals,” the report says.
“Chinese companies and individuals often acquire U.S. technology for commercial and scientific purposes,” the report states. “At the same time, the Chinese government seeks to enhance its collection of U.S. technology by enlisting the support of a broad range of actors spread throughout its government and industrial base.”
The report warned that the problem is continuing and urged greater efforts to counter Chinese cyber economic spying.
“We believe that China will continue to be a threat to U.S. proprietary technology and intellectual property through cyber-enabled means or other methods,” the report said. “If this threat is not addressed, it could erode America’s long-term competitive economic advantage.”
Among the methods used for the Chinese economic espionage program are traditional spies attached to the Ministry of State Security and military intelligence offices as well as a wide range of non-traditional spies.
Those include some of the 350,000 Chinese students currently studying in the United States, along with Chinese engaged in business.
Beijing also uses joint ventures between Chinese and U.S. companies, research partnerships with laboratories and other research centers, the purchase of American companies, front companies, and the use of Chinese laws that seek to force American companies operating in China to provide trade secrets.
Chinese economic spying is continuing despite a promise by Chinese leader Xi Jinping in September 2015 not to engage in commercial spying. The level of cyber economic espionage, however, by China has been lower since the accord, the report said.
Security experts have identified Chinese economic espionage targeting of engineering, telecommunications, and aerospace companies.
Beijing cyber spies also hacked the popular CCleaner app that was used by China to target Google, Microsoft, Intel, and VMwar.
A Chinese hacker dubbed KeyBoy last year began conducting cyber spying operations against western corporations, and another group, TEMP.Periscope conducted cyber attacks on the maritime industry and research and academic organizations.
The security firm FireEye said “sharp increases” in Chinese cyber attacks were detected in early 2018.
“Most Chinese cyber operations against U.S. private industry that have been detected are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide,” the report said.
The report concluded the economic spying poses a strategic threat to the United States advanced research and technology.
“China, Russia, and Iran stand out as three of the most capable and active cyber actors tied to economic espionage and the potential theft of U.S. trade secrets and proprietary information,” says the 20-page report, noting that other states with closer U.S. ties also are using cyber espionage.
“Despite advances in cybersecurity, cyber espionage continues to offer threat actors a relatively low-cost, high-yield avenue of approach to a wide spectrum of intellectual property.”
Russian economic espionage also threatens U.S. technology as Moscow seeks to bolster an economy hit hard by international sanctions and what the report said is “endemic corruption, state control, and a loss of talent departing for jobs abroad.”
“An aggressive and capable collector of sensitive U.S. technologies, Russia uses cyberspace as one of many methods for obtaining the necessary know-how and technology to grow and modernize its economy,” the report said.
Russia uses intelligence penetrations of public and private enterprises to obtain sensitive technical secrets. Commercial and academic exchanges also are used for spying, along with recruitment of Russian immigrants in the United States who have technical skills.
“Russian intelligence services have conducted sophisticated and large-scale hacking operations to collect sensitive U.S. business and technology information,” the report said.
The report said the Department of Homeland Security in September 2017 ordered federal agencies to remove security software from Russia’s Kaspersky Lab over concerns the software could be used by cyber espionage.
The Iranians are a growing cyber economic espionage threat, according to the report.
“The loss of sensitive information and technologies not only presents a significant threat to U.S. national security,” the report said. “It also enables Tehran to develop advanced technologies to boost domestic economic growth, modernize its military forces, and increase its foreign sales.”
Under a section on emerging threats, the report states that cyber spies are infiltrating software supply chain networks and using the compromised software for spying operations.
“Our goal in releasing this document is simple: to provide U.S. industry and the public with the latest unclassified information on foreign efforts to steal U.S. trade secrets through cyberspace,” said the center director, William R. Evanina.
“Building an effective response to this tremendous challenge demands understanding economic espionage as a worldwide, multi-vector threat to the integrity of both the U.S. economy and global trade.”