Threat Research

Chinese Leadership Change and the Advanced Persistent Threat

The change in leadership of the Chinese Communist Party (CCP) and the People's Republic of China (PRC) during the 18th National Congress of the CCP in November 2012 marks only the second stable transfer of power in CCP history. While this transition is unlikely to cause large-scale change, the new composition of the Standing Committee of the Politburo will nonetheless impact the PRC's economic and political future in the near and long term.

We at Mandiant have considered the strategic impact this change will have on Advanced Persistent Threat (APT) groups and the current cyber espionage campaign that has been traced back to the PRC. We have determined that the new leaders will only enhance the influence that the People's Liberation Army (PLA), State Owned Enterprises (SOE), and national-level central planning initiatives have already had in contributing to an environment which produces and nurtures APT. Although it is not entirely clear if cyber espionage is an intentional or unintentional byproduct of these factors, we cannot ignore the reality that network intrusions and cyber espionage efforts against worldwide corporate and government entities might very well receive PRC resources and sponsorship.

The following considerations serve as a basis for this judgment:

  • newly-appointed General Secretary of the CCP, Chairman of the Central Military Commission (CMC), and President Xi Jinping has probably already played a role in creating the conditions for and condoning cyber espionage;
  • both outgoing and incoming leaders have been directly involved for decades in the operations of SOEs, the entities that are most likely driving and benefiting from cyber corporate espionage, and have a vested interest in seeing those SOEs succeed at various political, economic and social levels;
  • central planning requirements, such as those in the 12th 5-Year Plan (or Guideline) and the Strategic Emerging Industries initiative, continue to exert heavy pressure on the SOEs to rapidly field cutting-edge technology and weaponry with minimal costs;
  • the continuing institutionalization of the PRC senior leadership and the vested interests in cyber corporate espionage mean there will be less ability for Chinese leaders to stop, restrict or otherwise control APT activities in the long term.

We understand the importance of China in the global economy and that failure to take advantage of that market could be fatal. However, we do not believe in painting a gloom and doom portrait of China and its cyber capabilities. Rather, we hope to provide some context to facilitate an understanding of the risks and mitigate them where and when necessary. Understanding what APT groups seek, how they will acquire this information, and what their activities mean in the larger scheme of PRC strategic issues is the first step in gauging the problem. From there, a mix of intelligent preventive measures and immediate remediation in the event of penetration can go a long way toward combating current and future targeted threats.