China Still Hacking US Firms Despite Xi’s Vow

Chinese government hackers have attempted in the past few weeks to penetrate the networks of US companies to steal their secrets despite a pledge by China’s president that they would not do so, according to private researchers.

Chinese hackers have targeted at least seven US companies since President Xi Jinping vowed last month in Washington that his country would not conduct economic cyberespionage — the theft of trade secrets and intellectual property for the benefit of the nation’s industries, according to CrowdStrike, a firm that helps companies track and prevent intrusions.
In the three weeks since Xi left Washington — including the day after he left, on Sept. 26 — hackers linked to the Chinese government have attempted to gain access to tech and pharmaceutical companies’ networks, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, who released a report recently.
The efforts continue to the present, sometimes several times a day, and appear to be distinct from traditional intelligence gathering, which is not covered by Xi’s pledge, Alperovitch noted.
Both President Obama and President Xi Jinping referenced the evolving relationship between their two counties during a toast at the Chinese state dinner. (AP)
The U.S. intelligence community is also seeing continued signs of economic cyberespionage by Chinese hackers, according to a US official, who spoke on the condition of anonymity because of the matter’s sensitivity. But what it means at this point is not clear.
One senior military cyber defense official said recently that any cessation of Chinese economic espionage activity will play out over time. “I think it’s too early for any of us to see any of those changes,” said the US Cyber Command’s deputy commander, Lt. Gen. James K. McLaughlin, speaking at the Center for Strategic and International Studies on Oct. 9.
Nonetheless, the fresh efforts by Chinese hackers, if they prove to be part of a renewed campaign of commercial espionage in cyberspace, will put pressure on the Obama administration to hold China accountable.
While in Washington for a state visit, Xi met with President Obama and promised that China would not “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
Obama said Beijing must now follow through. “The question now is,” Obama said, “are words followed by actions?”
A senior administration official said the White House is aware of CrowdStrike’s report. “We’ll decline comment on its specific conclusions,” said the official, who spoke on the condition of anonymity because of the issue’s sensitivity. “As we move forward, we will monitor China’s cyber-activities closely and press China to abide by all of its commitments.”
The Washington Post reported in late August that the administration was preparing to impose, possibly even before Xi’s visit, economic sanctions on Chinese companies that benefited from government-sponsored hacking. But a promise by the Chinese government to refrain from such activity and its arrests of several hackers, among other gestures, helped persuade the administration to hold off on imposing sanctions.
But if the Chinese continue their behavior, the administration will act, officials said.
Standing next to Xi in the Rose Garden last month, Obama stressed that he had created a sanctions program earlier this year to be used when the administration has proof that the hackers have “gone after US companies or US persons.” He said he had told Xi “that we will apply [sanctions] and whatever other tools we have in our tool kit to go after cybercriminals, either retrospectively or prospectively.”
Many officials have been skeptical — some openly — that China would uphold its end of the agreement. One question: How much time should the administration give China to make changes in its behavior?
Some analysts noted that it could take time for China’s vast apparatus of cyberspies to be dismantled or refocused.

Another threat-detection company, FireEye, also has observed activity from likely Chinese government hacker groups since Sept. 25. “But it is premature to conclude that activity during this short timeframe constitutes economic espionage,” the firm’s intelligence director, Laura Galante, said in an e-mail. “Assessing the complexity of changes in state-sanctioned economic espionage requires far more sufficient time, data and viewpoints,” she said.
Alperovitch said he thinks enough time has passed. “The Chinese need to be held accountable for their continued attempts to steal IP and trade secrets through cyber-intrusions into commercial companies” he said. “The US government needs to make it clear that we will still use those sanctions unless these actions cease.”
CrowdStrike is not identifying the companies that were targeted, Alperovitch said. He said that CrowdStrike’s intrusion-detection platform prevented the hackers from gaining actual entry into their targets’ networks and no data was taken.
But, he said, the detection platform revealed tools and techniques, including servers in other countries, that are used by a variety of Chinese government hacking groups, including one that CrowdStrike has dubbed Deep Panda. For years, these groups have been targeting industries of strategic importance to China, including agriculture, chemical, financial, health care and insurance sectors.
Washington Post: http://wapo.st/1RQUAB3

 

« FBI Say ISIS Is Going After US Vulnerabilities
IBM Gives China Access to Software Code »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

BlazeGuard

BlazeGuard

At BlazeGuard, we understand that navigating the complex world of cybersecurity can be challenging. That’s why we make it our mission to simplify the process for you.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.