The State of Cyber Threats: China, Russia and Iran


A new report from the U.S. government's spy-catchers says that China, Russia and Iran are "three of the most capable and active cyber actors" when it comes to stealing American economic information, but the playing field is not even.

The report, published today by the National Counterintelligence and Security Center, says China's hacking activity against U.S. targets dropped off noticeably after a 2015 cyber agreement, but the Asian giant continues to go after "cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide."

"China's cyberspace operations are part of a complex, multipronged technology development strategy that uses licit and illicit methods to achieve its goals," the report says, describing subtle, off-line information collection avenues like "academic collaborations" and "research partnerships."

The report describes Russia as a "sophisticated adversary" that will continue to try to steal U.S. technology almost out of desperation.

"The threat to U.S. technology from Russia will continue over the coming years as Moscow attempts to bolster an economy struggling with endemic corruption, state control, and a loss of talent departing for jobs abroad. Moscow’s military modernization efforts also likely will be a motivating factor for Russia to steal U.S. intellectual property," it says. "Experts contend that Russia needs to enact structural reforms, including economic diversification into sectors such as technology, to achieve the higher rate of gross domestic product growth publicly called for by Russian President Putin. In support of that goal, Russian intelligence services have conducted sophisticated and large-scale hacking operations to collect sensitive U.S. business and technology information." (The report does not mention alleged election-related cyber attacks.)

Iran, an "increasing cyber threat," still focuses its cyber operations mostly on the Middle East, but the report says that "a subset of this Iranian cyber activity aggressively targeted U.S. technologies with high value to the Iranian government."

For example, the report said, "The Iranian hacker group Rocket Kitten consistently targets U.S. defense firms, likely enabling Tehran to improve its already robust missile and space programs with proprietary and sensitive U.S. military technology."

At the end of the report, the NCSC lists some responses the U.S. government has used to dissuade cyber attacks from foreign nations, including "public statements and attribution, diplomatic demarches, economic sanctions, and law enforcement actions." Missing from that list is a controversial option: swinging back in cyberspace.

[Like what you see and read on Code and Dagger? Become a Patreon and help keep the lights on. Do you have a tip or question? Reach out at CodeAndDagger@protonmail.com.]
