U.S. cyber-security firm CrowdStrike Inc said Monday it had successfully prevented a Chinese hacker group from targeting a U.S. technology firm for the first time, offering promise for other companies facing cyber-attacks.
Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, told Reuters his company had observed a China-based hacker group called Hurricane Panda halt its attacks on a U.S. Internet technology firm in January, after the hackers detected CrowdStrike’s presence on the company’s networks.
Alperovitch said firms in the financial and cyber-security sectors had shown interest because of the results.
The January incident occurred after CrowdStrike responded to a breach at another U.S. tech firm in April 2014 that also was traced to Hurricane Panda.
CrowdStrike later detected that the group was attempting to use a newly discovered Windows vulnerability, known as a “0-day” threat, to attack the firm.
After CrowdStrike reported this risk to Microsoft, which patched the vulnerability, the hacker group abandoned efforts to regain access to the network of the first firm, he said.
Alperovitch said CrowdStrike had a “high degree of confidence” that the hacker group was linked to the Chinese government, but gave no further details.
CrowdStrike was later hired by the second firm that the same Chinese group attempted to breach and expelled them from that company’s networks, only to have them repeatedly seek to break back in, Alperovitch said.
He did not name either firm but said they worked in Internet infrastructure, which can include areas such as telecommunications, cloud computing and web hosting.
In January, Hurricane Panda managed to get a webshell onto the second company’s server and executed commands to check if CrowdStrike was loaded in memory, Alperovitch said. Webshells, normally used by server administrators, are vulnerable to exploitation by hackers.
Once Hurricane Panda detected CrowdStrike’s presence, the group exited that system and ceased further activity, he said.
“They realized that we had raised the cost and given the time and money wasted on the previous 0-day, decided it wasn’t worth it,” he said. “It was the first time we’d seen that.”
Alperovitch said the incident offered a new security plan for many U.S. firms facing attacks on their networks.
CrowdStrike uses a team of two dozen “expert hunters” around the world who monitor clients’ networks for signs of hackers and cyber-attacks, he said. This enables them to leverage and learn from other incidents at relatively low cost