Washington, October 19

Chinese hacking attempts on American corporate intellectual property have occurred with regularity over the past three weeks, suggesting that China almost immediately began violating its newly minted cyberagreement with the United States, according to a newly published analysis by a cybersecurity company with close ties to the US government.

The Irvine, California-based company, CrowdStrike, says it documented seven Chinese cyberattacks against US technology and pharmaceuticals companies “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection.”

“We’ve seen no change in behaviour,” said Dmitri Alperovich, a founder of CrowdStrike who wrote one of the first public accounts of commercial cyberespionage linked to China in 2011.

One attack came on September 26, CrowdStrike says, the day after President Barack Obama and Chinese President Xi Jinping announced their deal in the White House Rose Garden. CrowdStrike, which employs former FBI and National Security Agency cyberexperts, did not name the corporate victims, citing client confidentiality. And the company says it detected and thwarted the attacks before any corporate secrets were stolen.

A senior Obama administration official, speaking on condition of anonymity because he was not allowed to discuss the matter publicly, said officials are aware of the report but would not comment on its conclusions. The official did not dispute them, however.

The US will continue to directly raise concerns regarding cybersecurity with the Chinese, monitor the country’s cyberactivities closely and press China to abide by all of its commitments, the official added.

The US-China agreement forged last month does not prohibit cyberspying for national security purposes, but it bans economic espionage designed to steal trade secrets for the benefit of competitors. That is something the US says it doesn’t do, but western intelligence agencies have documented such attacks by China on a massive scale for years. China denies engaging in such behaviour, but threats of US sanctions led Chinese officials to conduct a flurry of last-minute negotiations which led to the deal.

CrowdStrike today released a timeline of recent intrusions linked to China that it says it documented against “commercial entities that fit squarely within the hacking prohibitions covered under the cyberagreement.” The company says, “with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures.”

CrowdStrike did not explain in detail how it attributes the intrusions to China, an omission that is likely to draw criticism, given the ability of hackers to disguise their origins. But the company has a long track record of gathering intelligence on Chinese hacking groups, and US intelligence officials have often pointed to the company’s work.