Hackers associated with the Chinese government have tried to penetrate U.S. companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons, according to U.S. security firm CrowdStrike. According to a recent cyber agreement between the United States and China, both nations agreed not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."
However, security firm CrowdStrike continued to monitor nation-state activities in order to spot any attempted intrusions into their customers' networks.
They said that at over the last three weeks, a number of intrusions from 'actors' affiliated with the Chinese government were prevented.
"Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit," CrowdStrike said.
The very first intrusion conducted by China-affiliated actors after the joint Xi-Obama announcement at the White House took place the very next day – Saturday September 26th, the firm said.
Many of the intrusions were done through Web server compromises, with SQL injection being the prefered vector of implanting China Chopper webshells which provide access to the internal networks of the victims.
CrowdStrike said it had notified the White House of its findings but declined to identify the targeted companies.