"If you can obtain legitimate VPN credentials and start logging in as a real person, the situation becomes very difficult," for the targets, McWhorter said. Hackers are often able to extract huge quantities of data through the VPN tunnel without attracting any suspicion, he said.
Even when companies discover a breach, they have to exercise great care not to tip off the hackers and drive them even deeper into the network, he said.
Unlike cybergangs operating out of Europe, most of the malicious hacking activity from China appears to be focused on industrial espionage and trade secret theft. Even when there is an opportunity for the hackers to grab financial and personally identifiable information, Chinese hackers have preferred not to go after such data, he said.
"Almost everything we track out of China is state-sponsored," McWhorter said. "It's a whole different genre of crime compared to what tends to come out of places like East Europe. Persistence isn't a big deal to East European gangs. Their approach has been to smash the glass, grab the jewelry and run. They are not there to be stealthy. They are not there to remain hidden for months and years."
The best measurement of the capability of the adversary isn't always the sophistication of the malware used, said Rocky DeStefano, founder and CEO of security analytics firm Visible Risk. Often, the tactics employed by the adversary to maintain or advance control within the network in response to defender activities is important as well.
So also is the actual information, people or systems that are being targeted by the hackers. "Was it only the latest updates to your most advanced research" that the hackers were after? "Or was it a general dump of information?" he asked.
Based on such measures, Chinese hacking groups would appear to rank behind the U.S., Israel and the U.K in terms of raw capability, DeStefano said.
"At the end of the day, it's not about latent vulnerabilities or advanced attacks," said Anup Ghosh, founder and CEO of security firm Invincea. "It's about what works for the least amount of effort or expertise required."
Over the past several years there has been a systematic compromise of all major sectors of the U.S. economy. "To scale to this size and scope there is necessarily heavy re-use of known vulnerabilities and their exploits. These often work because of the difficulty in patching software particularly in the enterprise space," Ghosh said.
Though the actors behind these exploits may be different, the methods used to compromise computer systems are shared among cybercriminals and nation states, he said. "Bottom line is, if you can be successful with conventional toolkit exploits, you use them instead of burning zero-days."