U.S. firm CrowdStrike claims success in deterring Chinese hackers

Reuters News
Posted: Apr 13, 2015 12:04 PM

By Andrea Shalal

COLORADO SPRINGS, Colo. (Reuters) - U.S. cybersecurity firm CrowdStrike Inc said Monday it had successfully prevented a Chinese hacker group from targeting a U.S. technology firm for the first time, offering promise for other companies facing cyber attacks.

Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, told Reuters his company had observed a China-based hacker group called Hurricane Panda halt its attacks on a U.S. Internet technology firm in January, after the hackers detected CrowdStrike's presence on the company's networks.

Alperovitch said the incident occurred after CrowdStrike responded to a breach at another U.S. tech firm in April 2014 that also was traced to Hurricane Panda.

CrowdStrike detected subsequently that the group was attempting to use a newly discovered Windows vulnerability, known as a "0-day" threat, to attack the firm.

After CrowdStrike reported this risk to Microsoft, which patched the vulnerability, the hacker group abandoned its efforts to regain access to the network of the first company, he said.

Alperovitch said CrowdStrike had a "high degree of confidence" that the hacker group was linked to the Chinese government, but gave no further details.

CrowdStrike was later hired by the second firm that the same Chinese group attempted to breach and expelled them from that company's networks, only to have them repeatedly seek to break back in, Alperovitch said.

He didn't name either firm but said they worked in areas such as webhosting.

In January, Hurricane Panda managed to get a webshell onto the second company's server and executed commands to check if CrowdStrike was loaded in memory, he said. Webshells, normally used by server administrators, are vulnerable to exploitation by hackers.

Once Hurricane Panda detected CrowdStrike's presence, the hacker group exited that system and ceased further activity, Alperovitch said.

Hold The Damn Vote Already
Derek Hunter

He attributed the success to CrowdStrike's focus on the attackers' intent and objectives, not just the tools that hackers use.

"They realized that we had raised the cost and given the time and money wasted on the previous 0-day, decided it wasn't worth it," he said. "It was the first time we'd seen that."

Alperovitch said his company's success offered a new defensive security plan for many U.S. firms that face escalating attacks on their networks.

CrowdStrike uses a team of two dozen "expert hunters" around the world who monitor clients' networks for signs of hackers and cyber attacks, he said. This enables them to leverage and learn from other incidents at relatively low cost.

(Editing by Bernadette Baum)