(Adds Chinese foreign ministry comment, China-U.S. talks)
By Joseph Menn
SAN FRANCISCO, July 8 A sophisticated group of
hackers believed to be associated with the Chinese government,
who for years targeted U.S experts on Asian geopolitical
matters, suddenly began breaching computers belonging to experts
on Iraq as the rebellion there escalated, a security firm said
CrowdStrike Inc said that the group is one of the most
sophisticated of the 30 it tracks in China and that its
operations are better hidden than many attributed to military
and other government units.
CrowdStrike co-founder Dmitri Alperovitch said he has "great
confidence" the hackers are affiliated with the government,
though he declined to provide many details on the matter.
China's Foreign Ministry repeated that the government
opposed hacking and dismissed the report.
"Some U.S. Internet security firms ignore the U.S. threat to
the Internet and constantly seize upon the so-called China
Internet threat. The evidence they produce is fundamentally
untrustworthy and unworthy of comment," spokesman Hong Lei told
a daily news briefing in Beijing.
CrowdStrike has a number of former U.S. government officials
on its staff and has produced a number of influential reports on
overseas hacking groups.
The United States will press China to resume cooperation on
fighting cyber espionage to ensure an orderly cyber environment,
a senior U.S. official said on Tuesday ahead of annual talks
between the world's two largest economies this week in
Over the past three years, CrowdStrike said it has seen the
group it calls "Deep Panda" target defense, financial and other
industries in the United States. It has also gone after workers
at think tanks who specialize in Southeast Asian affairs,
including former government experts.
On June 18, the same day the rebel group Islamic State of
Iraq and the Levant, which is also called ISIS, attacked an oil
refinery, the Chinese group began going after the digital
documents of U.S. think tank employees who are experts in that
region, Alperovitch said.
He said that Iraq is the fifth-largest source of crude for
China, while China is the largest foreign investor in Iraq's oil
infrastructure, so it would be natural for China to be concerned
about the insurrection and potential U.S. responses.
Alperovitch said that while hacking groups suspected of
government backing do shift the industries they are going after,
he could not recall such a sudden change in "tasking" before
"It really suggests you have pretty good control from
probably very high levels of Chinese government over these
individuals," he said.
Alperovitch declined to identify the think tanks, which are
using CrowdStrike's detection and analysis tools free of charge.
(Additional reporting by Michael Martina and Lesley Wroughton
in BEIJING; Editing by Bernard Orr and Matt Driskill)