A security firm has observed that hackers associated with the Chinese government attempted to infiltrate U.S. firms even after the United States and China agreed to neither conduct nor support activities that would result in the theft of intellectual property online. On September 25th, at the end of Chinese President Xi Jinping's visit to the United States, the White House released a statement that, among other things, indicates the U.S. and Chinese governments' commitment to provide assistance on malicious targeted attacks, to resist conducting espionage with the intent to steal intellectual property, to contribute to the conversation of developing collaborative norms in the digital space, and to jointly dedicate resources towards the fight against computer crime. According to Dmitri Alperovitch, co-founder of and CTO at CrowdStrike, this soft agreement between the United States and China has all ready been violated.
"Over the last three weeks, CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government," writes Alperovitch in a blog post. "Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit."
Alperovitch goes on to note that the first intrusion by the Chinese actors occurred on Saturday, September 26th, the very next day after Presidents Barack Obama and Xi Jinping agreed to the cyber security pact. The hackers are also believed to be made up of a variety of groups and to have used a program known as Derusbi, which was recently used in the breach against health insurer Anthem.
Source: CrowdStrike In response CrowdStrike's findings, Hua Chunying, a spokesperson for the Chinese Foreign Ministry, has re-articulated her government's opposition to hacking activities that result in the theft of trade secrets.
"Internet hacking attacks are marked by their secretive, cross border nature," she told a daily news briefing, as reported by Reuters.
Meanwhile, a senior official in the Obama administration has stated that they are aware of CrowdStrike's report and that they will continue to monitor China's activities with regards to the recent Sino-American agreement. This announcement and its violation come amid heightened tensions between the two countries on the issue of cyber security, including China's possible role in a breach against the Office of Personnel Management (OPM) earlier this year. The country has denied all involvement in this incident.