This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to colleagues, clients or customers, use the Reprints tool at the top of any article or visit: www.reutersreprints.com.
U.S. firm CrowdStrike claims success in deterring Chinese hackers
By Andrea Shalal
COLORADO SPRINGS, Colo. (Reuters) - U.S. cybersecurity firm CrowdStrike Inc said Monday it had successfully prevented a Chinese hacker group from targeting a U.S. technology firm for the first time, offering promise for other companies facing cyber attacks.
Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, told Reuters his company had observed a China-based hacker group called Hurricane Panda halt its attacks on a U.S. Internet technology firm in January, after the hackers detected CrowdStrike's presence on the company's networks.
Alperovitch said firms in the financial and cybersecurity sectors had shown interest because of the results.
The January incident occurred after CrowdStrike responded to a breach at another U.S. tech firm in April 2014 that also was traced to Hurricane Panda.
CrowdStrike later detected that the group was attempting to use a newly discovered Windows vulnerability, known as a "0-day" threat, to attack the firm.
After CrowdStrike reported this risk to Microsoft, which patched the vulnerability, the hacker group abandoned efforts to regain access to the network of the first firm, he said.
Alperovitch said CrowdStrike had a "high degree of confidence" that the hacker group was linked to the Chinese government, but gave no further details.
CrowdStrike was later hired by the second firm that the same Chinese group attempted to breach and expelled them from that company's networks, only to have them repeatedly seek to break back in, Alperovitch said.
He did not name either firm but said they worked in Internet infrastructure, which can include areas such as telecommunications, cloud computing and web hosting.
In January, Hurricane Panda managed to get a webshell onto the second company's server and executed commands to check if CrowdStrike was loaded in memory, Alperovitch said. Webshells, normally used by server administrators, are vulnerable to exploitation by hackers.
Once Hurricane Panda detected CrowdStrike's presence, the group exited that system and ceased further activity, he said.
"They realized that we had raised the cost and given the time and money wasted on the previous 0-day, decided it wasn't worth it," he said. "It was the first time we'd seen that."
Alperovitch said the incident offered a new security plan for many U.S. firms facing attacks on their networks.
CrowdStrike uses a team of two dozen "expert hunters" around the world who monitor clients' networks for signs of hackers and cyber attacks, he said. This enables them to leverage and learn from other incidents at relatively low cost.
(Editing by Bernadette Baum)
© Thomson Reuters . All rights reserved. Users may download and print extracts of content from this website for their own personal and non-commercial use only. Republication or redistribution of Thomson Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Thomson Reuters. Thomson Reuters and its logo are registered trademarks or trademarks of the Thomson Reuters group of companies around the world.
Thomson Reuters journalists are subject to an Editorial Handbook which requires fair presentation and disclosure of relevant interests.
This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to colleagues, clients or customers, use the Reprints tool at the top of any article or visit: www.reutersreprints.com.