Chinese hackers have gone after seven U.S. tech and pharmaceutical companies since the presidents of both countries agreed not to knowingly carry out corporate espionage, according to security firm CrowdStrike.
The company says in a blog post that it has identified a known hacking group in China as intruding into the seven U.S. companies starting the day after Presidents Xi and Obama announced the pact.
“It is important to note that this is not an exhaustive list of all the intrusions from Chinese-government affiliated actors we have detected during this time period; it is limited only to commercial entities that fit squarely within the hacking prohibitions covered under the Cyber agreement,” says CrowStrike CTO Dmitri Alperovitch.
Typically it is difficult to say with certainty where attacks originate, but Alperovitch writes “with a high degree of confidence that these intrusions were undertaken by a variety of different Chinese actors.”
Some of these attacks were carried out by a group known as Deep Panda, which CrowdStrike describes as “one of the most advanced Chinese nation-state cyber intrusion groups,” which has been tied for years to break-ins that target national security assets as well as industries including agriculture, chemical, financial, healthcare, insurance, legal and technology.
The attacks were all against CrowdStrike customers and all were blocked by its Falcon platform, the company says.
The means of attack included compromising Web servers via SQL injection in order to implant China Chopper Web shells that gives attackers the ability to upload further malware, typically credential-stealing code to escalate network privileges. Other tools used by the attackers included remote-access Trojans Derusbi and Plug X.
The attacks took place between Sept. 21 and Oct. 9. The last two were against pharmaceutical companies and the rest were technology companies, some of which were attacked multiple times.