Chinese hackers master art of lying low

State-sponsored cybercriminals use simple weapons to infiltrate U.S. networks, and then quietly steal data while remaining undetected.

China's remarkable success at infiltrating U.S. government, military and corporate networks in recent years shouldn't be seen as a sign that the country is gaining on the U.S. lead in cybertechnology expertise.

State-sponsored hacking groups in China are no more -- or less -- sophisticated than criminal and politically motivated cybercrime gangs elsewhere. The difference, experts say, is how the Chinese hackers target victims, their persistence and their ability to lie low and secretly maintain access to breached networks for long periods of time.

The U.S. Department of Defense earlier this month, in a departure from its usually thinly veiled innuendos, openly accused state-sponsored hacking groups in China of launching cyberattacks aimed at extracting information from the U.S. government, military and businesses.

Outside of the Pentagon, such allegations aren't new. Security experts and major corporations like Google and Microsoft have long maintained that hackers in China use cyberattacks to steal military, government and corporate secrets.

The Chinese government has denied that it coordinates hacking campaigns.

However, said Anup Ghosh, CEO and founder of security firm Invincea, "the acknowledgement by the Pentagon is a first step in publicly declaring the threat."

Though the tone of the government's report on Chinese cybercrime is ominous, the reality of cyber expertise in the country is more mundane, say security experts.

"It's not that the Chinese have some unbeatable way of breaking into a network," said John Pescatore, director of emerging security trends at the SANS Institute. "What is innovative is their targeting."

Pescatore said U.S. contractors and defense and high-tech companies that could be targets of Chinese espionage efforts should be less concerned about the origin of the attacks than about the need to shut down basic vulnerabilities and fix configuration errors in their corporate networks.

While China likely does have an arsenal of attack techniques and zero-day assault tools, it usually "uses the lowest level of tools and the easiest means to get in" to networks, said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. If the Chinese hackers do come up against a sophisticated company, "they will up their game," he added.

Many of the hackers operating out of China have become adept at stealing legitimate corporate network credentials and then using them to log in as an employee, McWhorter said.

After they strike, the attackers are quick to erase all signs of a break-in, making it difficult for a company to even know that it was compromised. Therefore, the hackers are able to extract a lot of data without attracting suspicion, McWhorter said.

If a company does discover such a breach, IT managers must exercise great care not to tip off the hackers, he said.

Unlike the exploits of many European cybergangs, most of the malicious hacking activity originating in China focuses on industrial espionage and theft of trade secrets. McWhorter said Chinese hackers generally don't bother taking financial data and other personal information from individuals.

Jeremy Kirk of the IDG News Service contributed to this story.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on
