Seven US companies have been attacked by government-associated Chinese hackers in the three weeks since the US and China announced a pact that banned government spying on companies, a US security firm said Monday.
The hacks by "actors we have affiliated with the Chinese government" targeted five technology companies and two pharmaceutical companies, US security company CrowdStrike said in a blog post. The first of these occurred the day after the two countries struck a landmark pact in which they agreed not to spy on one another to steal business secrets. They "are continuing to this day", the company said.
CrowdStrike's warning serves as the latest reminder about the threat of hackers, which have managed to breach not only large companies, but have swiped personal data like credit card information and social security numbers. As the economies of China and the US have become increasingly reliant on the Internet, cybersecurity has come to define the relationship between the two countries. Officials in Washington have long been frustrated by China's protestations of innocence over government-affiliated hackers originating in the country.
Chinese President Xi Jinping and President Barack Obama announced a deal on September 25 under which both countries said they would not support online theft of commercial secrets. The pact was high on Obama's agenda, althoughthat his government supported the cybertheft of secrets. The accord was designed to improve business relations between the US and China; it didn't address espionage for the sake of stealing government secrets.
Xi's visit to the US last month was supposed to mark a fresh start for the two countries. The agreement states that both countries agree not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."
It's not clear exactly when the agreement is scheduled to take effect and how long the countries have to wind down any existing operations. In order to judge whether or not the pact is already a failure, "we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate," said CrowdStrike Chief Technology Officer Dmitri Alperovitch, the author of the blog post.
Representatives from the US and Chinese governments could not immediately be reached for comment.