On Sunday, the Washington Post was the first to report that the Obama administration is preparing a selection of possible economic sanctions against businesses and individuals in China who have engaged in or benefited from the cybertheft of valuable American government or industry secrets.
However, the anonymous administration officials who spoke to the Post say that the government has not yet decided whether to actually issue these sanctions. Either way, a final decision is expected soon, possibly within two weeks.
The Post's report only mentioned Chinese hackers, not Russian. However, the next day, Reuters reported that the administration was also considering sanctions against Russian hackers as well.
This news comes the same month that that Chinese President Xi Jinping is scheduled to be a guest at the White House during his first official state visit to the United States. Even if such sanctions are imposed, it's unclear whether this will happen before, during, or after Jinping's visit.
Security experts and investigators have long suspected that Chinese and Russian hackers are responsible for many of the significant cybersecurity breaches discovered in the past couple of years — though both governments have consistently denied these accusations.
Hackers with Chinese government support are believed responsible for (among other things) the network breaches of the United States Postal Service employee-information database, the confidential Office of Personnel Management files on 22 million federal security-clearance holders, the private email accounts of various high-ranking U.S. officials, and the past year's various hospital or health insurance company hackings including Anthem, Premera Blue Cross, and CareFirst Blue Cross/Blue Shield.
In early August, security researchers from Dell SecureWorks said they'd discovered a group of unusually sophisticated Chinese hackers believed responsible for targeting defense, commercial, industrial, and political targets all over the world.
Meanwhile, it's believed that Russian hackers were responsible for multiple other breaches, including the computer networks at the U.S. State Department and the White House – including the president's personal email and daily schedule.
Russian hackers are also believed to be responsible for a cyberespionage campaign dubbed “Russian doll,” which spied on American defense contractors, NATO officials and diplomats, and other people in whom Russia's government might take a particular interest.
An unnamed U.S. official told Reuters that the proposed sanctions, if put into effect against individuals or organizations, would effectively cut them off from using the U.S. financial system, which “could be a death sentence for a serious business venture.”
Zhu Haiquan, a spokesman for the Chinese Embassy, released a statement saying that “The Chinese government staunchly upholds cyber security, firmly opposes and combats all forms of cyber attacks in accordance with law,” but “groundless speculation, hyping up or accusation is not helpful to solve the problem.”
The Russian Embassy has not commented.