Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

U.S. Firms Targeted by China Even After Cyber Deal: Report

The Chinese government continues to target United States firms in an effort to steal intellectual property, despite the pact signed by the two countries last month, according to a report from threat intelligence firm CrowdStrike.

The Chinese government continues to target United States firms in an effort to steal intellectual property, despite the pact signed by the two countries last month, according to a report from threat intelligence firm CrowdStrike.

On September 25, US President Barack Obama and his Chinese counterpart Xi Jinping agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

However, CrowdStrike says China has not respected the terms of the agreement and continues to attack private U.S. firms. A report published by CrowdStrike on Monday shows that threat actors known by the security company to be affiliated with the Chinese government have targeted several firms since the deal was made.

According to CrowdStrike, the first attack was spotted on September 26, one day after the agreement was signed. Seven of the targeted companies are in the technology and pharmaceutical sectors, which clearly indicates that the attackers are after intellectual property and trade secrets, the security firm said.

CrowdStrike says the attackers have repeatedly attempted to penetrate its customers’ systems, mainly through web server compromises that involved SQL injection vulnerabilities.

The attacks observed by the security company have been attributed to several Chinese actors, including the notorious Deep Panda group, which is known to target not only commercial organizations, but also national security-related entities that have a strategic importance to China.

As experts have pointed out, the agreement between the U.S. and China does not cover cyber espionage conducted for national security purposes, but the attacks aimed at tech and pharmaceutical firms should be covered by the recent pact.

“So does this evidence of ongoing intrusions into the commercial sector from China indicate the failure of the U.S.-China cyber agreement? That depends on what we do about it, and how long the current situation persists,” explained CrowdStrike co-founder and CTO Dmitri Alperovitch. “The fact that there is some time delay between agreement and execution is not entirely unexpected. But, we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate.”

Advertisement. Scroll to continue reading.

FireEye says it has also observed activity from threat groups that are likely sponsored by China since September 25, but the company says it’s premature to conclude that activity during this short timeframe constitutes economic espionage.

“We have seen an evolution in the operations of many of the China-based threat actors we track ­a shift that had actually begun in roughly mid-2013,” FireEye told SecurityWeek. “Whether operational shifts such as the one we have observed indicates a large scale shift in these groups’ missions away from economic espionage is an open question, and assessing the complexity of changes in state-sanctioned economic espionage requires far more sufficient time, data, and view points.”

Tim Erlin, director of IT security and risk strategy at Tripwire, also commented on CrowdStrike’s findings.

“Accurately attributing attacks is more of art than science. Adding a motivation criterion to the attribution requirements increases the complexity of actually coming to a firm conclusion,” Erlin said via email. “The increasingly interconnected nature of commerce and government blurs the line between economic gain and espionage.”

“The cybersecurity pact between China and the US may seem clear on the surface, but its wording ensures that it’s unlikely either country will be forced into action,” the expert added. “The Whitehouse is unlikely to simply accept the contributed conclusions of a commercial cybersecurity company when the foreign policy implications are so significant.”

*Updated with comments from FireEye and Tripwire

Related Reading: Long-Term Strategy Needed When Analyzing APTs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...