Security researchers have warned that Chinese government-affiliated hackers have over the past three weeks attacked several US private sector firms, in a move which could contravene a recent cyber security pact between the two countries.
Dmitri Alperovitch, CTO of threat intelligence firm CrowdStrike, explained in a blog post on Monday that in the three weeks since the 25 September announcement, the CrowdStrike Falcon endpoint security platform has “detected and prevented” several intrusions into customer systems.
“Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit,” he continued.
If this is true it would break the terms of the agreement hammered out between the Obama and Xi administrations in which the two superpowers agreed not to “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
In fact, the first intrusion was just a day after the “newly minted” agreement had been signed, Alperovitch claimed.
“The intrusion attempts are continuing to this day, with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures,” he warned.
The attacks have been traced back to several Chinese government-linked hacking groups including the Deep Panda group CrowdStrike has tracked for many years.
Many of the attacks spotted by the US security vendor featured a China Copper webshell to provide access to internal networks, uploaded to a web server via SQL injection. Plug X and Derusbi malware was also identified.
Although optimistic about the chances of meaningful progress in establishing norms of behavior in cyber space, Alperovitch argued that a crucial piece of the puzzle is missing, which could explain the ongoing attacks: whether the US and China agreed a time frame for implementation.