Hackers associated with the Chinese government have tried to penetrate at least seven US companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons.
CrowdStrike said software it placed at five U.S. technology and two pharmaceutical companies had detected and stopped the attacks.
President Barack Obama said he and Chinese President Xi Jinping had agreed that neither government would knowingly support cyber theft of corporate secrets to support domestic businesses. The agreement stopped short of restricting spying to obtain government secrets, including those held by private contractors.
CrowdStrike Co-founder Dmitri Alperovitch said in an interview that he believed the hackers who attacked the seven companies were affiliated with the Chinese government based in part on the servers and software they used.
The software included a program known as Derusbi. Derusbi previously turned up in attacks on Virginia defence contractor VAE and health insurer Anthe. Alperovitch said the hackers came from a variety of groups including one that CrowdStrike had previously named Deep Panda.
The intrusion was to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional, national-security-related intelligence collection,” CrowdStrike wrote in its bog.
White House spokesman Josh Earnest declined to comment on CrowdStrike’s findings but said that Obama had “made clear that the United States would judge China not based on its words, not based on any verbal commitments, but based on its actions.”
“You can rest assured that the relevant agencies in the United States government are closely monitoring China’s actions in this regard,” Earnest said on Monday.
Another U.S. cyber security company, FireEye said the state-sponsored Chinese hackers that it monitored were still active but it was too soon to say whether their aims had shifted.