China hack attacks on US continue despite commercial spying pact, security firm says

Hackers associated with the Chinese government targeted seven US companies in the last three weeks, CrowdStrike says.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

China's President Xi Jinping meets US President Barack Obama in September. Li Xueren/Xinhua Press/Corbis

Seven US companies have been attacked by government-associated Chinese hackers in the three weeks since the US and China announced a pact that banned government spying on companies, a US security firm said Monday.

The hacks by "actors we have affiliated with the Chinese government" targeted five technology companies and two pharmaceutical companies, US security company CrowdStrike said in a blog post. The first of these occurred the day after the two countries struck a landmark pact in which they agreed not to spy on one another to steal business secrets. They "are continuing to this day", the company said.

CrowdStrike's warning serves as the latest reminder about the threat of hackers, which have managed to breach not only large companies, but have swiped personal data like credit card information and social security numbers. As the economies of China and the US have become increasingly reliant on the Internet, cybersecurity has come to define the relationship between the two countries. Officials in Washington have long been frustrated by China's protestations of innocence over government-affiliated hackers originating in the country.

Chinese President Xi Jinping and President Barack Obama announced a deal on September 25 under which both countries said they would not support online theft of commercial secrets. The pact was high on Obama's agenda, although the Chinese president denied that his government supported the cybertheft of secrets. The accord was designed to improve business relations between the US and China; it didn't address espionage for the sake of stealing government secrets.

Xi's visit to the US last month was supposed to mark a fresh start for the two countries. The agreement states that both countries agree not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."

It's not clear exactly when the agreement is scheduled to take effect and how long the countries have to wind down any existing operations. In order to judge whether or not the pact is already a failure, "we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate," said CrowdStrike Chief Technology Officer Dmitri Alperovitch, the author of the blog post.

Representatives from the US and Chinese governments could not immediately be reached for comment.