Volatility in the Chinese Stock Market and Economic Slowdown: A Potential Driver for Cyber Espionage Activity
Chinese President Xi Jinping traveled to the United States last week for talks on a range of issues, including cyber security. The visit came amid a slowdown in China’s economy after years of staggering growth. In late August, economic concerns triggered a Chinese “Black Monday” that led to large-scale sell-offs in Chinese capital markets and floundering stock prices that reverberated worldwide.[i]
The Chinese government has taken several major actions to prop up prices, including cutting interest rates, implementing a de-facto suspension of initial public offerings, prohibiting the sales of certain stocks, criminalizing “malicious” short sales, and further devaluing the country’s currency.
Persistent economic troubles and the government’s steps to contain any fallout may drive Beijing to use other tools—particularly cyber espionage—to steal intelligence that could be applied to manage economic instability. Information at the highest-risk includes proprietary information that Chinese policymakers could use to shore up China’s financial infrastructure, stabilize the markets, and implement economic reforms.
The Economic Growth Machine Sputters, but the Cyber Espionage Machinery is Humming Along
According to some analysts, Black Monday was, in part, a reaction stemming from investor concerns over the slowing pace of China’s economic growth. The Chinese government has implemented reforms to transition from an export-oriented to a consumer driven economy. As a result, China has readjusted its economic targets to align with reduced growth. These changes have fueled investor anxiety, resulting in mass sell-offs contributing to the instability of the country’s stock market, which appeared to reach its peak with Black Monday.
The volatility of China’s stock market not only deals a blow to investors, but also to the Chinese leadership, whose domestic legitimacy is dependent in part on a veneer of competent governance—including stabilizing the economy.  The government’s struggles to reform China’s economy, not to mention moderate any fluctuations in the stock market, present a challenge to this narrative. China’s economic troubles also have the potential to lead to strife within the government, as officials heavily involved designing and implementing economic policies may be viewed as responsible for the markets’ continued instability.
Given the threat to the government’s legitimacy and unity and individuals’ reputations and careers, Beijing likely will try and use its well-documented, ongoing, and formidable cyber espionage capabilities in support of its economic initiatives.
In the past several years, FireEye has seen Chinese advanced persistent threat (APT) groups conduct intrusions that we suspect were intended to collect economic and financial intelligence. Two Chinese APT groups in particular, APT3 and APT12, have repeatedly pursued financial institutions involved in macroeconomics, financial markets, and monetary policy, probably to steal information on the financial health of the major players in world markets. The government may be particularly interested in insights into other markets and allegedly “illegal” trading.
- Trouble in Other Markets: Indicators of future trouble in U.S. or other major markets would also be of high value. The Chinese government may use the information to identify impending challenges and implement a response to mitigate effects on the country’s economy.
- Market Insights: Chinese cyber threat groups probably will also target financial analysts predictions and insights into the Chinese markets. In addition, these groups are likely to monitor media outlets that are reporting on the situation to ensure the coverage is not unfavorable to the government.
- Illegal Trading: Foreign regulators and other organizations to help Chinese regulators prosecute individuals and organizations engaging in “malicious” short sales or other banned investing tactics could be come another top target. We recently saw a suspected Chinese group compromise an institution with visibility into the trading activity of investors on the Chinese stock market. The group may have sought information to help Chinese regulators identify and prosecute illegal trading activity in this time of turmoil. In its eagerness to demonstrate competence and deflect blame, the Chinese government recently presented the public with a culprit “responsible” for the crisis and televised what was almost certainly a forced confession from a financial journalist whose reporting allegedly led to the stock market’s collapse.
Cyber espionage against financial organizations is nothing new. As the Chinese government becomes more concerned with the country’s economic health, it will probably increasingly rely on cyber operations to inform new policies and enforce current ones—regardless of the agreements made with the U.S. on cyber issues. Major foreign financial institutions may see an increase in targeted threat activity, as could other organizations that possess unique visibility into the Chinese economy or markets.
 For other scenarios where Chinese cyber threat groups targeted media outlets, presumably around unfavorable coverage, see Perlroth, Nicole. “Hackers in China Attacked The Times for the Last 4 Months.” 30 Jan. 2013. Web. 1 Sept. 2015.