Africa

Americas

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

Close
Menu
China reportedly tries to hack U.S. businesses the day after agreeing not to

China reportedly tries to hack U.S. businesses the day after agreeing not to

Security firm CrowdStrike says attackers try to breach tech, pharma companies

Tim Greene Tim Greene (Network World)
Comments

Chinese hackers have gone after seven U.S. tech and pharmaceutical companies since the presidents of both countries agreed not to knowingly carry out corporate espionage, according to security firm CrowdStrike.

The company says in a blog post that it has identified a known hacking group in China as intruding into the seven U.S. companies starting the day after Presidents Xi and Obama announced the pact.

“It is important to note that this is not an exhaustive list of all the intrusions from Chinese-government affiliated actors we have detected during this time period; it is limited only to commercial entities that fit squarely within the hacking prohibitions covered under the Cyber agreement,” says CrowStrike CTO Dmitri Alperovitch.

Typically it is difficult to say with certainty where attacks originate, but Alperovitch writes “with a high degree of confidence that these intrusions were undertaken by a variety of different Chinese actors.”

Some of these attacks were carried out by a group known as Deep Panda, which CrowdStrike describes as “one of the most advanced Chinese nation-state cyber intrusion groups,” which has been tied for years to break-ins that target national security assets as well as industries including agriculture, chemical, financial, healthcare, insurance, legal and technology.

The attacks were all against CrowdStrike customers and all were blocked by its Falcon platform, the company says.

The means of attack included compromising Web servers via SQL injection in order to implant China Chopper Web shells that gives attackers the ability to upload further malware, typically credential-stealing code to escalate network privileges. Other tools used by the attackers included remote-access Trojans Derusbi and Plug X.

The attacks took place between Sept. 21 and Oct. 9. The last two were against pharmaceutical companies and the rest were technology companies, some of which were attacked multiple times.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CrowdStrikePanda

Show Comments
[]