China Still Hacking US Firms Despite Xi’s Vow

Chinese government hackers have attempted in the past few weeks to penetrate the networks of US companies to steal their secrets despite a pledge by China’s president that they would not do so, according to private researchers.

Chinese hackers have targeted at least seven US companies since President Xi Jinping vowed last month in Washington that his country would not conduct economic cyberespionage — the theft of trade secrets and intellectual property for the benefit of the nation’s industries, according to CrowdStrike, a firm that helps companies track and prevent intrusions.
In the three weeks since Xi left Washington — including the day after he left, on Sept. 26 — hackers linked to the Chinese government have attempted to gain access to tech and pharmaceutical companies’ networks, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, who released a report recently.
The efforts continue to the present, sometimes several times a day, and appear to be distinct from traditional intelligence gathering, which is not covered by Xi’s pledge, Alperovitch noted.
Both President Obama and President Xi Jinping referenced the evolving relationship between their two counties during a toast at the Chinese state dinner. (AP)
The U.S. intelligence community is also seeing continued signs of economic cyberespionage by Chinese hackers, according to a US official, who spoke on the condition of anonymity because of the matter’s sensitivity. But what it means at this point is not clear.
One senior military cyber defense official said recently that any cessation of Chinese economic espionage activity will play out over time. “I think it’s too early for any of us to see any of those changes,” said the US Cyber Command’s deputy commander, Lt. Gen. James K. McLaughlin, speaking at the Center for Strategic and International Studies on Oct. 9.
Nonetheless, the fresh efforts by Chinese hackers, if they prove to be part of a renewed campaign of commercial espionage in cyberspace, will put pressure on the Obama administration to hold China accountable.
While in Washington for a state visit, Xi met with President Obama and promised that China would not “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
Obama said Beijing must now follow through. “The question now is,” Obama said, “are words followed by actions?”
A senior administration official said the White House is aware of CrowdStrike’s report. “We’ll decline comment on its specific conclusions,” said the official, who spoke on the condition of anonymity because of the issue’s sensitivity. “As we move forward, we will monitor China’s cyber-activities closely and press China to abide by all of its commitments.”
The Washington Post reported in late August that the administration was preparing to impose, possibly even before Xi’s visit, economic sanctions on Chinese companies that benefited from government-sponsored hacking. But a promise by the Chinese government to refrain from such activity and its arrests of several hackers, among other gestures, helped persuade the administration to hold off on imposing sanctions.
But if the Chinese continue their behavior, the administration will act, officials said.
Standing next to Xi in the Rose Garden last month, Obama stressed that he had created a sanctions program earlier this year to be used when the administration has proof that the hackers have “gone after US companies or US persons.” He said he had told Xi “that we will apply [sanctions] and whatever other tools we have in our tool kit to go after cybercriminals, either retrospectively or prospectively.”
Many officials have been skeptical — some openly — that China would uphold its end of the agreement. One question: How much time should the administration give China to make changes in its behavior?
Some analysts noted that it could take time for China’s vast apparatus of cyberspies to be dismantled or refocused.

Another threat-detection company, FireEye, also has observed activity from likely Chinese government hacker groups since Sept. 25. “But it is premature to conclude that activity during this short timeframe constitutes economic espionage,” the firm’s intelligence director, Laura Galante, said in an e-mail. “Assessing the complexity of changes in state-sanctioned economic espionage requires far more sufficient time, data and viewpoints,” she said.
Alperovitch said he thinks enough time has passed. “The Chinese need to be held accountable for their continued attempts to steal IP and trade secrets through cyber-intrusions into commercial companies” he said. “The US government needs to make it clear that we will still use those sanctions unless these actions cease.”
CrowdStrike is not identifying the companies that were targeted, Alperovitch said. He said that CrowdStrike’s intrusion-detection platform prevented the hackers from gaining actual entry into their targets’ networks and no data was taken.
But, he said, the detection platform revealed tools and techniques, including servers in other countries, that are used by a variety of Chinese government hacking groups, including one that CrowdStrike has dubbed Deep Panda. For years, these groups have been targeting industries of strategic importance to China, including agriculture, chemical, financial, health care and insurance sectors.
Washington Post: http://wapo.st/1RQUAB3

 

« FBI Say ISIS Is Going After US Vulnerabilities
IBM Gives China Access to Software Code »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

Prophet Security

Prophet Security

Prophet Security empowers organizations to triage, investigate, and respond to alerts with unparalleled speed and accuracy.

XONA

XONA

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.