CHINESE authorities have told domestic companies to stop using cybersecurity software made by more than a dozen firms from the US and Israel due to national security concerns, three people briefed on the matter said.
As trade and diplomatic tensions flare between China and the US and both sides vie for tech supremacy, Beijing has been keen to replace Western-made technology with domestic alternatives.
The US companies whose cybersecurity software has been banned include Broadcom-owned VMware, Palo Alto Networks and Fortinet, while the Israeli companies include Check Point Software Technologies, two of the sources said. The third source said other companies whose software was banned included Alphabet-owned Mandiant and Wiz, whose purchase Alphabet announced last year, as well as US firms CrowdStrike, SentinelOne, Recorded Future, McAfee, Claroty, and Rapid7.
Israeli firm CyberArk, whose purchase was announced by Palo Alto last year, was also on the list, as were Orca Security and Cato Networks, two Israeli firms, and Imperva, which was purchased by French defense firm Thales in 2023.
SHARES SLIDE FOLLOWING SOFTWARE BAN
Recorded Future said in an email that “Recorded Future does not do business in China, and has no intention to do business in China.” McAfee said it is a consumer-focused company whose technology “is not built for government or enterprise use.”
CrowdStrike said it did not sell into China and did not have offices, hire people or host infrastructure there, and thus could “only be negligibly affected.” SentinelOne said it had “no direct revenue exposure to China” as it did not sell to Chinese entities or resellers and had no offices there.
The other blacklisted companies did not immediately respond to Reuters’ requests for comment.
Shares of Broadcom were down more than 5% in Wednesday afternoon trading, while Palo Alto’s shares slipped about 1%. Fortinet shares fell around 2%.
Reuters was unable to establish how many Chinese companies received the notice that the sources said was issued in recent days.
Chinese authorities expressed concern the software could collect and transmit confidential information abroad, the sources said. They declined to be named due to the sensitivity of the situation.
China’s internet regulator, the Cyberspace Administration of China, and the Ministry of Industry and Information Technology had not responded to requests for comment at the time of publication.
PREPARATIONS UNDER WAY FOR TRUMP VISIT
The United States and China, which have been locked in an uneasy trade truce, are preparing for a visit by US President Donald Trump to Beijing in April.
While the West and China have clashed over China’s efforts to build up its semiconductor and artificial intelligence sectors, Chinese analysts have said Beijing has become increasingly concerned that any Western equipment could be hacked by foreign powers.
It has therefore sought to replace Western computer equipment and word processing software.
The country’s largest cybersecurity providers include 360 Security Technology and Neusoft.
Some of the US and Israeli companies facing a ban for their part have repeatedly alleged Chinese hacking operations, which China has denied.
Last month, Check Point published a report on an allegedly Chinese-linked hacking operation against an unidentified “European government office.” In September, Palo Alto published a report alleging a Chinese hacking effort targeted diplomats worldwide.
SIGNIFICANT CHINESE FOOTPRINT
Several of the firms do not conduct business with Chinese clients, but others have built a significant footprint in China.
Fortinet has three offices in mainland China and one in Hong Kong, according to its website. Check Point’s website lists support addresses in Shanghai and Hong Kong. Broadcom lists six China locations, while Palo Alto lists five local offices in China, including one in Macau.
The politics around foreign cybersecurity vendors has long been fraught. Such firms are often staffed with intelligence veterans, they typically work closely with their respective national defense establishments, and their software products have sweeping access to corporate networks and individual devices – all of which at least theoretically provides a springboard for spying or sabotage.
Suspicions about the origin and motive of Russian anti-virus firm Kaspersky, for example, eventually led to a purge of the software from US government networks in 2017. In 2024, sales of Kaspersky products were banned across the United States.— Reuters
