Hackers associated with the Chinese government have tried to penetrate at least seven U.S. companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons, according to a prominent U.S. security firm.
CrowdStrike Inc said software it placed at five U.S. technology and two pharmaceutical companies had detected and rebuffed the attacks, which began on Sept. 26.
On Sept. 25, President Barack Obama said he and Chinese President Xi Jinping had agreed that neither government would knowingly support cyber theft of corporate secrets to support domestic businesses. The agreement stopped short of restricting spying to obtain government secrets, including those held by private contractors.
CrowdStrike Co-founder Dmitri Alperovitch said in an interview that he believed the hackers who attacked the seven companies were affiliated with the Chinese government based in part on the servers and software they used.
The software included a program known as Derusbi, according to Alperovitch. Other analysts have said Derusbi previously turned up in attacks on Virginia defense contractor VAE Inc and health insurer Anthem Inc <ANTM.N>. Alperovitch said the hackers came from a variety of groups including one that CrowdStrike had previously named Deep Panda.
The "primary benefits of the intrusion seem clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional, national-security-related intelligence collection," CrowdStrike said in a blog post to be published on Monday.
Chinese Foreign Ministry spokeswoman Hua Chunying repeated that the Chinese government opposed all forms of hacking or stealing commercial secrets.
"Internet hacking attacks are marked by their secretive, cross border nature," she told a daily news briefing on Monday.
CrowdStrike said it had notified the White House of its findings but would not identify the targeted companies.
White House spokesman Josh Earnest declined to comment on CrowdStrike's findings but said that Obama had "made clear that the United States would judge China not based on its words, not based on any verbal commitments, but based on its actions."
"You can rest assured that the relevant agencies in the United States government are closely monitoring China's actions in this regard," Earnest said on Monday.
Another U.S. cyber security company, FireEye Inc <FEYE.O>, said the state-sponsored Chinese hackers that it monitored were still active but it was too soon to say whether their aims had shifted.
"It is premature to conclude that activity during this short time frame constitutes economic espionage," FireEye spokesman Vitor De Souza said.
Shortly before Xi's trip to the United States last month, Chinese officials told their American counterparts that Beijing had detained at least two hackers who breached U.S. computer networks, according to Jim Lewis of the Center for Strategic and International Studies and two other sources close to the Obama administration.
The arrests were reported by the Washington Post a week ago, though the paper gave no names or other details.
China said it believed one of the suspects was involved in the data breach at the U.S. Office of Personnel Management, according to Lewis and one of the sources. The OPM hack had compromised the data of 21.5 million government workers.
The other person who was detained by Beijing was suspected of hacking for commercial gain, said Lewis and the other source.
(Reporting by Joseph Menn in San Francisco, Jeff Mason and Roberta Rampton in Washington, and Ben Blanchard in Beijing; Editing by Tiffany Wu and Nick Macfie)