China still targeting US firms, regardless of previous promises

The attacks started almost immediately after the two Presidents came to an agreement

jinping obama china
Credit: REUTERS/Kevin Lamarque

Three weeks after the US and China agreed to stop "cyber-enabled theft of intellectual property" a new report from CrowdStrike shows that the Communist nation almost immediately broke their word. The sad part is, no one is at all surprised by their findings.

In a blog post, CrowdStrike's Dmitri Alperovich said that the first observed intrusion was detected on September 26 – one day after President Barack Obama hosted President Xi Jinping of China for a State visit.

"Over the last three weeks, CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government. Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit," Alperovich wrote.

"The intrusion attempts are continuing to this day, with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures."

CrowdStrike, using their own tools, were able to observe the attacks and noted that the attackers hadn't bothered to alter their methods or other tradecraft. In addition, many of the attacks were undertaken by a number of known Chinese groups, including the group known as Deep Panda.

The agreement with China doesn't prohibit spying for national security reasons, but it does ban economic espionage.

The fact that Deep Panda was discovered among the active attacks comes as no surprise. The group, which has ties to the Chinese military, is suspected of being behind the attacks at Anthem earlier this year.

The report notes that a most of the detected intrusions were done though Web server compromises, with SQL Injection being the main vector of attack, resulting in the delivery of China Chopper shells, which offer access to the victim's network.

Reuters reported that Chinese Foreign Ministry spokeswoman, Hua Chunying, said that the government opposes all forms of hacking or stealing commercial secrets.

Cybersecurity market research: Top 15 statistics for 2017