September 25 of this year saw a much-hyped meeting of the leaders of America and China, leading to a landmark deal providing that neither country would take part in commercially orientated cyber attacks against the other. While no mention was made of politically orientated hacks, this was still a big deal. Or at least it should have been. Unfortunately, it doesn’t seem to have affected the number of attacks against U.S. companies.
It must be said that the report of continuing China-originating attacks does come from an American company — one that is more than happy to mention the names of its products and services in the update — and therefore the potential for bias should be factored in. That said, security firm CrowdStrike claims that a number of hacks have taken place since the agreement was executed, and that and some of them appear to be commercially motivated.
The first attack which CrowdStrike claims hit U.S. companies took place the day after the historic meeting, on September 26. It appeared to be an attempt to access corporate systems, potentially to steal user data. However the attack was said to have been thwarted and no information was spirited away.
That particular hack attempt targeted the technology sector, and so did subsequent attacks on the 27th, 29th, and 30th. October has seen similar attempts, along with a couple of attacks against the pharmaceutical sector.
Although it could be said that there was no way to determine that these were state-sponsored attacks, CrowdStrike appears confident that that is the case. It claims to have tracked one attack to a known Chinese cell called Deep Panda. There were also some quite typical techniques employed by Chinese state hackers which the security firm detected and halted in their tracks.
As much as strong defences in a digital war are always nicer to see than strong offences — lessening the potential for collateral damage — this could be an indication of further divisions in the security community along the lines of nations themselves. We’ve previously seen Kaspersky highlight more U.S.-produced malware than Russian, as an example.
Would you be more keen to use security software from your own country over those from overseas?