Chinese hackers have continued with industrial espioage attacks in attempts to steal intellectual property by targeting US firms in the three weeks since the two countries agreed a cyber espionage pact.
Security firm CrowdStrike claimed that its software has documented Chinese attacks on US firms, with the attacks starting the day after President Obama and President Xi made their agreement public.
CrowdStrike CTO Dmitri Alperovitch wrote in a blog post: "Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit."
Obama and Xi agreed that both their countries would not knowingly support hacking for economic benefit against firms from the other’s country. The deal did stipulate, however, that cyber espionage for national security purposes was not covered.
However, Alperovitch warns that firms must not stop being vigilant against the cyber security threat from China, just because a public agreement was reached.
These latest attacks were predominantly conducted by SQL injection implanting China Chopper webshells, to provide access to the internal networks of those attacked.
CrowdStrike believes that a group called Deep Panda is involved in some of these attacks. Various security experts, including Crowdstrike and Brian Krebs, had detailed the groups links to the Chinese state.
