How China, Russia, Iran target US with economic espionage

China, Russia and Iran are ramping up their theft of trade secrets and proprietary information from U.S. companies, government labs and universities to hurdle America's competitive edge.

A new government cyber report, released Thursday by the National Counterintelligence Security Center, offers these recent examples of the economic espionage it says poses a significant threat to U.S. prosperity and security:

___

CHINA

—In November, three Chinese nationals were accused of operating a cybersecurity firm that used phishing scams and malware to steal data from international corporations. A federal indictment unsealed in Pittsburgh, Pennsylvania, said the trio's targets included Siemens AG, Moody's Analytics in New York and Trimble Inc. in Sunnyvale, California.

—Cybersecurity experts found links between Chinese cyber actors and a back door that allowed entry into commercial software known as CCleaner. This back door allowed them to target U.S. companies, including Google, Microsoft, Intel and VMware.

—In November, PricewaterhouseCoopers reported that another China-based hacker group, known as KeyBoy, was moving beyond targets in Asia to conduct cyber snooping on Western corporations.

—Chinese cyberespionage actors, known as TEMP.Periscope, continued to target the maritime industry and U.S. research institutions, academic organizations and private firms that are focused on engineering. FireEye, a California security research firm, has detected sharp increases in this group's targeting early this year.

—Last year, the China-linked cyberespionage group APT10 was involved in widespread operations to target engineering, telecommunications and aerospace industries across the globe, including the U.S.

____

RUSSIA

—In 2016, a hacker known as Eas7, told Western news reporters that she had collaborated with the Russian Federal Security Service, formerly the KGB, on economic espionage missions. She estimated that "among the good hackers, at least half" work for government agencies, suggesting that Moscow employs cyber criminals so they can deny being behind the operations.

—Russian government hackers last year compromised dozens of U.S. energy firms, including their operational networks. The operations were conducted to collect intelligence, gain access so the hackers could later launch service disruptions and provide sensitive U.S. intellectual property to Russian companies.

—The Russian state-sponsored cyberoperation known as APT28 has been gathering intelligence on U.S. and European defense and geopolitical issues since at least 2007. Obtaining sensitive U.S. defense industry data could give Russia economic and security advantages as it seeks to strengthen and modernize its military.

___

IRAN

—An Iranian hacker group called Rocket Kitten has been targeting U.S. defense companies seeking sensitive U.S. military technology to help Tehran improve its missile and space programs.

—The Iranian OilRig hacking group, which historically has targeted Saudi Arabia, has stepped up its attacks on U.S. financial institutions and information technology companies.

—The Iranian hacking outfit called APT33 has targeted energy companies to help improve Iran's petrochemical production and technology.