US cybersecurity firm claims to be 'first' to successfully stop Chinese hackers mid-attack
A US cybersecurity firm has said it successfully stopped a Chinese hacking team mid-operation, the first time this has been done.
"Most companies tend to think of intrusions as discrete and infrequent events," Alperovitch said.
"The narrative often goes like this: a company gets breached, the intrusion gets detected, an incident response team is brought in to investigate and remediate and, finally, the customers and the public are assured the intrusion is over and the company is now secure."
He argued that an alternative approach, "to raise the cost to the adversaries to such an extent that you can deter them from executing future campaigns", could be more effective.
According to Alperovitch, the CrowdStrike team had been dealing with Hurricane Panda since 2013, having witnessed the group carry out attacks on telecommunications and technology companies.
By working to slow down the attackers while they were still in the server, CrowdStrike was able to identify the exploit the group was using, which was based on a "0 day" vulnerability in Windows, and report it to Microsoft, who quickly issued a patch.
"0 day" threats are security holes unknown to software manufacturers and anti-virus programs, and therefore generally not defended against. Because of the effectiveness of such hacks, and their one-time use (exploiting a vulnerability quickly brings it to the software maker's attention), they can be very valuable and are traded on online grey markets.
"After even the 0-day did not help them to achieve their objective, [Hurricane Panda] finally abandoned their efforts to regain access to the customer network," Alperovitch said.
He said that this success should offer a new security model for firms facing cyberattacks: by deploying a counter-insurgency-type team against the hackers, they may be able to fight them off. He warned, however, that for some high-profile targets, their opponents, "especially the nation-state types", may not be willing to retreat.
"Such a sustained, planned development effort coupled with the [hacking] group's regional targets and mission, leads us to believe that this activity is state-sponsored - most likely the Chinese government," the report said.
China has consistently denied involvement in hacking, saying it too has been a victim of hacking attacks.