Cybersecurity firm: Chinese hacking on U.S. companies persists

WASHINGTON — Chinese hacking attempts on American corporate intellectual property have occurred with regularity over the past three weeks, suggesting that China almost immediately began violating its newly minted cyberagreement with the United States, according to a newly published analysis by a cybersecurity company with close ties to the U.S. government.

The Irvine, California-based company, CrowdStrike, says it documented seven Chinese cyberattacks against U.S. technology and pharmaceuticals companies “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection.”

“We’ve seen no change in behavior,” said Dmitri Alperovich, a founder of CrowdStrike who wrote one of the first public accounts of commercial cyberespionage linked to China in 2011.

One attack came on Sept. 26, CrowdStrike says, the day after President Barack Obama and Chinese President Xi Jinping announced their deal in the White House Rose Garden. CrowdStrike, which employs former FBI and National Security Agency cyberexperts, did not name the corporate victims, citing client confidentiality. And the company says it detected and thwarted the attacks before any corporate secrets were stolen.

A senior Obama administration official, speaking on condition of anonymity because he was not allowed to discuss the matter publicly, said officials are aware of the report but would not comment on its conclusions. The official did not dispute them, however.

The U.S. will continue to directly raise concerns regarding cybersecurity with the Chinese, monitor the country’s cyberactivities closely and press China to abide by all of its commitments, the official added.

The U.S.-China agreement forged last month does not prohibit cyberspying for national security purposes, but it bans economic espionage designed to steal trade secrets for the benefit of competitors. That is something the U.S. says it doesn’t do, but Western intelligence agencies have documented such attacks by China on a massive scale for years.

China denies engaging in such behavior, but threats of U.S. sanctions led Chinese officials to conduct a flurry of last-minute negotiations which led to the deal.

CrowdStrike on Monday released a timeline of recent intrusions linked to China that it says it documented against “commercial entities that fit squarely within the hacking prohibitions covered under the cyberagreement.”

The intrusion attempts are continuing, the company says, “with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures.”

CrowdStrike did not explain in detail how it attributes the intrusions to China, an omission that is likely to draw criticism, given the ability of hackers to disguise their origins. But the company has a long track record of gathering intelligence on Chinese hacking groups, and U.S. intelligence officials have often pointed to the company’s work.

“We assess with a high degree of confidence that these intrusions were undertaken by a variety of different Chinese actors, including Deep Panda, which CrowdStrike has tracked for many years breaking into national security targets of strategic importance to China,” Alperovich wrote in a blog posting that laid out his findings.

The hacking group known as Deep Panda, which has been linked to the Chinese military, is believed by many researchers to have carried out the attack on insurer Anthem Health earlier this year.

CrowdStrike and other companies have tracked Deep Panda back to China based on the malware and techniques it uses, its working hours and other intelligence.

In 2013, another cybersecurity company, Mandiant, published a report exposing what it said was a hacking unit linked to China’s People’s Liberation Army, including identifying the building housing the unit in Beijing. Those findings were later validated by American intelligence officials.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Alan Edward Dean, convicted of the 1993 murder of Melissa Lee, professes his innocence in the courtroom during his sentencing Wednesday, April 24, 2024, at Snohomish County Superior Court in Everett, Washington. (Ryan Berry / The Herald)
Bothell man gets 26 years in cold case murder of Melissa Lee, 15

“I’m innocent, not guilty. … They planted that DNA. I’ve been framed,” said Alan Edward Dean, as he was sentenced for the 1993 murder.

Bothell
Man gets 75 years for terrorizing exes in Bothell, Mukilteo

In 2021, Joseph Sims broke into his ex-girlfriend’s home in Bothell and assaulted her. He went on a crime spree from there.

A Tesla electric vehicle is seen at a Tesla electric vehicle charging station at Willow Festival shopping plaza parking lot in Northbrook, Ill., Saturday, Dec. 3, 2022. A Tesla driver who had set his car on Autopilot was “distracted” by his phone before reportedly hitting and killing a motorcyclist Friday on Highway 522, according to a new police report. (AP Photo/Nam Y. Huh)
Tesla driver on Autopilot caused fatal Highway 522 crash, police say

The driver was reportedly on his phone with his Tesla on Autopilot on Friday when he crashed into Jeffrey Nissen, killing him.

James McNeal. Courtesy photo
Charges: Ex-Bothell council member had breakup ‘tantrum’ before killing

James McNeal was giving Liliya Guyvoronsky, 20, about $10,000 per month, charging papers say. King County prosecutors charged him with murder Friday.

Edmonds City Council members answer questions during an Edmonds City Council Town Hall on Thursday, April 18, 2024 in Edmonds, Washington. (Olivia Vanni / The Herald)
Edmonds wants to hear your thoughts on future of fire services

Residents can comment virtually or in person during an Edmonds City Council public hearing set for 7 p.m. Tuesday.

Girl, 11, missing from Lynnwood

Sha’niece Watson’s family is concerned for her safety, according to the sheriff’s office. She has ties to Whidbey Island.

A cyclist crosses the road near the proposed site of a new park, left, at the intersection of Holly Drive and 100th Street SW on Thursday, May 2, 2024, in Everett, Washington. (Ryan Berry / The Herald)
Everett to use $2.2M for Holly neighborhood’s first park

The new park is set to double as a stormwater facility at the southeast corner of Holly Drive and 100th Street SW.

The Grand Avenue Park Bridge elevator after someone set off a fire extinguisher in the elevator last week, damaging the cables and brakes. (Photo provided by the City of Everett)
Grand Avenue Park Bridge vandalized, out of service at least a week

Repairs could cost $5,500 after someone set off a fire extinguisher in the elevator on April 27.

A person turns in their ballot at a ballot box located near the Edmonds Library in Edmonds, Washington on Sunday, Nov. 5, 2023. (Annie Barker / The Herald)
Everett approves measure for property tax increase to stave off deficit

If voters approve, the levy would raise the city’s slice of property taxes 44%, as “a retaining wall” against “further erosion of city services.”

Vehicles turn onto the ramp to head north on I-5 from 41st Street in the afternoon on Friday, June 2, 2023, in Everett, Washington. (Ryan Berry / The Herald)
Weather delays I-5 squeeze in Everett

After a rain delay, I-5 will be down to one lane in Everett on May 10, as crews replace asphalt with concrete.

Everett
2 men arrested in dozen south Snohomish County burglaries

Police believe both men are connected with a group from South America suspected of over 300 burglaries since 2021.

James McNeal. Courtesy photo
Ex-Bothell council member arrested for investigation of killing woman

James McNeal, 58, served eight years on the Bothell City Council. On Tuesday, he was arrested for investigation of murdering a 20-year-old woman.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.