Less than three weeks after Presidents Obama and Xi agreed on a structure to limit cyber intrusions between the two countries, Crowdstrike is reporting that its security software has detected several intrusions coming from actors associated with the Chinese government.
The first of the 11 attacks took place the day after Obama and Xi shook hands at the White House, Dmitri Alperovitch, co-founder and CTO of Crowdstrike, wrote in a blog post, adding that three other intrusions quickly followed before the end of September, with seven more so far in October.
All of the attacks were against commercial enterprises, with several aimed at the technology and pharmaceutical sectors. Their apparent intent was to gain intellectual property and trade secrets, not to discover national-security-related information. The company successfully fended off the attacks, but said these incidents prove the agreement by itself will not protect anyone.
“The very fact that these attempts occurred highlights the need to remain vigilant despite the newly minted Cyber agreement,” Alperovitch said.
Crowdstrike named several of the bad actors it is associating with these intrusions, including Deep Panda, and said several of the attacks were carried out through web server compromises, with SQL injection being used to implant China Chopper webshells into a system.
Even with China apparently disregarding the newly minted agreement, Alperovitch said he is bullish that in the long run the deal will be a starting point for better cooperation.
“I am optimistic that in the long term the U.S. Government can convince the Chinese that continuing cyber espionage intrusions for commercial benefit are not in their interest,” he told SCMagazine.com in an email Monday. “That won’t happen overnight and will require hard conversations and maybe use of economic leverage, such as sanctions, but I do think we could ultimately turn the corner and get all nation-states to abide by common norms of behavior in cyberspace.”