Foreign ministry spokeswoman Hua Chunying repeated the government opposed all forms of hacking or stealing commercial secrets. Photo: SCMP Pictures

Chinese hackers tried to breach security at seven US firms since Xi and Obama signed cyber deal, security company says

Chinese-linked attackers have tried to breach systems at seven American companies in weeks since cyber deal was signed, says security firm

Hackers associated with the Chinese government have tried to penetrate at least seven US companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons, according to a prominent American security firm.

CrowdStrike said software it placed at five US technology and two pharmaceutical companies had detected and rebuffed the attacks, which began on September 26. The day before, US President Barack Obama said he and President Xi Jinping had agreed that neither government would knowingly support cybertheft of corporate secrets to support domestic businesses.

The agreement stopped short of restricting spying to obtain government secrets, including those held by private contractors.

CrowdStrike co-founder Dmitri Alperovitch said he believed the hackers who attacked the companies were affiliated with the Chinese government based in part on the servers and software they used. The software included a program known as Derusbi, according to Alperovitch. Other analysts have said Derusbi has turned up in attacks on Virginia defence contractor VAE and health insurer Anthem.

Alperovitch said the hackers came from a variety of groups including one CrowdStrike had previously named Deep Panda.

The "primary benefits of the intrusion seem clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional, national-security-related intelligence collection," the company said.

CrowdStrike, which employs former cyber experts with the Federal Bureau of Investigation and the National Security Agency, did not name the corporate victims, citing client confidentiality. It said it detected and thwarted the attacks before any corporate secrets were stolen.

Foreign ministry spokeswoman Hua Chunying repeated the government opposed all forms of hacking or stealing commercial secrets. "Internet hacking attacks are marked by their secretive, cross-border nature," she told a daily briefing.

CrowdStrike said it had notified the White House of its findings but declined to identify the targeted companies.

A senior Obama administration official said the government was aware of the findings but declined to address the company's conclusions. "As we move forward, we will monitor China's cyber activities closely and press China to abide by all of its commitments," said the official who did not want to be named.

Another US cybersecurity company, FireEye, said state-sponsored hackers it monitored were still active but it was too soon to say whether their aims had shifted. It was too early to conclude if the activity constituted economic espionage, a FireEye spokesman said.


This article appeared in the South China Morning Post print edition as: Hackers 'continue to target' U.S. firms