Hackers associated with the Chinese government have continued their attacks on US companies, despite the recent agreement between Washington and Beijing not to spy on each other for commercial reasons, according to a prominent security firm.
CrowdStrike Inc said software it placed at five technology and two pharmaceutical companies in the US had detected and rebuffed Chinese attacks, which began on September 26.
The day before, President Barack Obama said he and Chinese President Xi Jinping had agreed that neither government would knowingly support cyber theft of corporate secrets to support domestic businesses.
However, that agreement stopped short of restricting spying to obtain government secrets, including those held by private contractors.
CrowdStrike co-founder Dmitri Alperovitch said that he believed the hackers who attacked the seven companies were affiliated with the Chinese government, based on the servers and software they had used.
The software included a program known as Derusbi, which other analysts have said turned up in previous cyber-attacks on Virginia defence contractor VAE Inc and health insurer Anthem Inc. Alperovitch said the hackers came from various Chinese groups, including one known as Deep Panda.
The "primary benefits of the intrusion seem clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional, national-security-related intelligence collection," CrowdStrike said in a blog post.
Chinese Foreign Ministry spokeswoman Hua Chunying repeated that the Chinese government opposed all forms of hacking or stealing commercial secrets.
"Internet hacking attacks are marked by their secretive, cross border nature," she told a daily news briefing on Monday.
CrowdStrike said it had notified the White House of its findings, but would not identify the targeted companies.
White House spokesman Josh Earnest declined to comment on CrowdStrike's findings but said that Obama had "made clear that the United States would judge China not based on its words, not based on any verbal commitments, but based on its actions."
"You can rest assured that the relevant agencies in the United States government are closely monitoring China's actions in this regard," he concluded.
Shortly before Xi's trip to the US last month, Chinese officials told their American counterparts that Beijing had detained at least two hackers who breached US computer networks.
China said it believed one of the suspects was involved in the data breach at the US Office of Personnel Management, which compromised the data of 21.5 million government workers. The other individual detained by Beijing was suspected of hacking for commercial gain.