China found to be carrying out repeated cyber attacks even after signing the "cyber agreement" with the United States

By Bill Smith

Industrial espionage by the Chinese government and large companies appears to be carried out in so many fields that it has even led to corn theft in America, but on 25 September 2015 a historic cyber agreement was concluded between China and the United States. Under it, "both parties agree not to conduct cyber crime such as stealing intellectual property such as trade secrets of competing companies via the Internet, and do not intentionally support such action." Yet in the three weeks or more since the agreement was concluded, it has become clear that many attacks from China have been detected.

The Latest on Chinese-affiliated Intrusions into Commercial Companies » Adversary Manifesto

"CrowdStrike Falcon" is a cloud-based security tool developed by CrowdStrike, a provider of security technology for protecting intellectual property and state secrets, and it has been adopted by many companies ranked in the Fortune 500. Approximately three weeks have passed since the United States and China signed the cyber agreement on 25 September, but CrowdStrike has revealed that "CrowdStrike Falcon" has detected and blocked many attacks from China that tried to intrude into corporate networks.

Seven of the companies attacked by Chinese attackers are technology or pharmaceutical companies. These are clearly considered to be attacks targeting the companies' intellectual property and trade secrets. The first attack after the two countries signed the cyber agreement took place on September 26, the day after the agreement was concluded. Fortunately, "CrowdStrike Falcon" succeeded in detecting and blocking the attacks, and no customer data was stolen. However, I have no doubt about the fact that these attacks took place immediately after the conclusion of the agreement.

The figure below shows the attacks detected by "CrowdStrike Falcon" on a timeline. The red card marked "9/25" at the top indicates when the cyber agreement was concluded, and the attacks detected by "CrowdStrike Falcon" in the last 30 days are marked by date in the dark gray area at the bottom of the figure. According to this, 11 attacks were detected after the agreement was concluded. Note that the graph shows only "Attacks on technology and drug-related companies detected by CrowdStrike Falcon".

These attacks are the work of the hacker group "DEEP PANDA", which is considered to be linked to the Chinese government, and attacks appear to have been detected in various fields such as agriculture, chemicals, finance, health care, insurance, law and technology. Many of the attacks try to intrude into the corporate network by first installing "China Chopper" on a web server through SQL injection.

According to CrowdStrike, attacks related to the Chinese government are still going on.

in Security, Posted by logu_ii