Chinese attacks resumed one day after the pact was signed

Oct 19, 2015 12:16 GMT  ·  By

The US and China anti-spying pact did not yield the desired results for some US companies, which, despite the pompous White House announcement, have yet to see a stoppage of attacks from known Chinese-sponsored hacking groups.

While only a week ago we were reporting on some arrests made by the Chinese government among its own cyber-intelligence forces, the situation is not as rosy as we were led to believe.

According to US cyber-security vendor CrowdStrike Inc., attacks from Chinese hackers were recorded on a regular basis before, during, and after the Obama-Xi presidential meeting, and the subsequent announcement of the US-Chinese anti-spying agreement.

CrowdStrike gathered this information with the help of its CrowdStrike Falcon security platform, installed on the IT infrastructure of multiple Fortune 500 companies.

Attacks were recorded one day after the anti-spying pact was signed

As the security vendor is reporting, on September 26, a day after the anti-spying pact was announced, known Chinese-sponsored hackers tried to infiltrate the network of a US company activating in the technology field.

The attacks slowly continued in the ensuing days, and CrowdStrike recorded multiple attempts on five tech companies and two firms from the pharmaceutical sector.

These attacks were intentionally constructed, aimed and carried out so they would allow attackers to exfiltrate valuable intellectual property from the target's servers, something expressly prohibited by the official US-China agreement.

Attribution to Chinese state-sponsored hacking groups was easy

CrowdStrike says that the MO of these attacks followed previously recorded patterns employed by Chinese spying groups in the past, meaning the hackers relied on compromising Web servers, and then, using SQL injections, gaining access to a company's internal network via the China Chopper webshell.

The PlugX and Derusbi malware strands were also detected in some of the attacks, both known tools used by Chinese-sponsored hackers in the past.

"So does this evidence of ongoing intrusions into the commercial sector from China indicate the failure of the U.S.-China cyber agreement?" asks Dmitri Alperovitch, CrowdStrike Co-Founder and CTO. "That depends on what we do about it, and how long the current situation persists."

Many security and cyber-espionage experts have warned that the attacks might not stop and that this pact is just for show, but as Mr. Alperovitch has highlighted, the success of this agreement now resides solely in the response the US government gives to Chinese authorities after the recent incidents.

Timeline of Chinese attacks on US companies
Timeline of Chinese attacks on US companies

Photo Gallery (2 Images)

China resumes cyber-attacks on US companies
Timeline of Chinese attacks on US companies
Open gallery