China directs firms to halt use of US and Israeli cybersecurity software

Three people briefed on the matter revealed that Chinese authorities have directed domestic companies to cease using cybersecurity software from firms including Broadcom-owned VMware, Palo Alto Networks, and Fortinet from the US, as well as Israel's Check Point Software Technologies. A third source added Alphabet-owned Mandiant, Wiz whose acquisition Alphabet announced last year, CrowdStrike, SentinelOne, Recorded Future, McAfee, Claroty, and Rapid7 to the list. Israeli additions include CyberArk, acquired by Palo Alto last year, Orca Security, Cato Networks, and Imperva, bought by France's Thales in 2023.

Several companies stated they conduct no business in China. Recorded Future said it has none and intends none. CrowdStrike and SentinelOne noted minimal impact due to lacking offices, staff, or infrastructure there. Orca Security CEO Gil Geron said the firm was not notified and called a ban misguided, emphasizing its defense focus.

Broadcom shares dropped over 4% on January 14, Fortinet more than 2%, and Rapid7 over 1%. Palo Alto remained nearly flat, while Check Point closed slightly higher. Authorities worried the software might gather and send sensitive data abroad.

This fits broader US-China frictions, with a trade truce holding ahead of US President Donald Trump's planned April visit to Beijing. China fears Western gear could be hacked by foreign powers, prompting swaps for local tools like 360 Security Technology and Neusoft. Some targeted firms have accused Chinese hacking, including Check Point's report last month on a China-linked operation against a European government office and Palo Alto's September findings on attacks against diplomats worldwide.