China discloses cyberwarfare unit, no one surprised

Many cybersecurity vendors have been tracking attacks from China for years

It came as a shock to just about no one in the cybersecurity industry that China has a cyberwarfare unit, which the government there acknowledged this week.

While the Chinese government has long denied attacking U.S. targets, U.S. businesses and government agencies have complained for years about attacks originating from China.

The Chinese government noted the existence of the country's cyberwarfare unit in "The Science of Military Strategy," a publication put out by a research institute of the People's Liberation Army, according to news reports this week. The U.S. military has acknowledged its own cyberwarfare capabilities for over a decade.

The reaction of the U.S. cybersecurity industry was a collective, "that's obvious."

"China confirming it has a cyberwarfare unit is the equivalent of scientists coming out today and saying the Earth is not flat," Brett Fernicola, CISO at cybersecurity vendor Stealthbits Technologies, said by email.

In many cases, attacks from China are not sophisticated, Fernicola said, but U.S. businesses still need to defend their systems. "Everyone needs to stay on their toes," he added. "If you leave your backdoor unlocked you can bet someone from some foreign nation is going to walk in."

It's "naive" to think countries aren't developing cyberwarfare capabilities, said Ken Westin, security analyst at Tripwire, a cybersecurity vendor. China appears to employ what Westin called "cybermercenaries" focused on economic espionage in addition to more official teams, he said by email.

There's some disagreement about the sophistication of China-based attacks, with some complex schemes attributed to hackers from the country. Last May, the U.S. Department of Justice charged five supposed members of the People's Liberation Army with hacking into computers and stealing trade secrets from six U.S. organizations in the nuclear power, steel and solar industries.

Back in early 2010, Google accused the Chinese government of sponsoring attacks against it and several other tech vendors.

The Chinese also appear to have their hands in several more recent attacks, said Rich Barger, chief intelligence officer at ThreatConnect, another cybersecurity vendor. Recent attacks on health care vendors Anthem and Premera Blue Cross appear to have the fingerprints of Chinese hackers, he said by email.

"No one is surprised to discover China's cyberwarfare capabilities because even non-governmental organizations are able to unofficially attribute incidents to Chinese advanced persistent threats with nation state ties, given they have the right technology, methodology and collaboration," he added.

The U.S. government needs to step up its game against attacks from China and other nations, said John Gunn, vice president of Vasco Data Security.

"The U.S. must develop the capability to launch both preemptive and retaliatory attacks to establish a meaningful deterrent," he said by email. "Private investment in cybersecurity is important, but we also need the equivalent of 'boots on the ground' in our battle against foreign cyberterrorists and hacking organizations."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is
