It has long been claimed by US cybersecurity experts that cyberspying to harvest intellectual property, rather than quick cash from online bank accounts, was a practice emanating mostly from China. Plausible deniability remains because attribution is so uncertain in cyberspace. Chinese embassy officials in Washington routinely deny any responsibility for cyberespionage on US targets.
Yet there are signs now that the attribution problem is closer to being solved, US experts say.
"We're tracking over a dozen nation-state groups right now that are affiliated with China," says Dmitri Alperovitch, chief technology officer for CrowdStrike, a startup cybersecurity company focused on taking undisclosed "offensive" security measures. "We have a deep understanding of them and attribution down to the individual level. They're operating in China, and we're watching them. Even though they're unlikely to be brought to justice in the US, we understand a lot today."
Among the 20 or so identifiable Chinese cyberespionage groups, the two that dwarf the others are the Elderwood Gang and the Comment Crew. Each goes by several names, since researchers assign their own monikers. To Dell Secureworks cyber counterspy expert Joe Stewart, they are the Beijing Group and the Shanghai Group, because of where their activities seem to originate. To Mr. Alperovitch of CrowdStrike, they are Sneaky Panda and Comment Panda.
Symantec called the first group “Elderwood” because the name appears in a source-code variable used by the attackers. In Google's case, the gang reportedly made off with at least some of the search company's source code – secret algorithms that have made it so successful. Nobody knows exactly how much was stolen from the networks of the other companies.