Chinese hackers linked to G20 spying, targeted five European countries

A private security firm has presented evidence of hacking to the FBI but has not linked the attacks to the Chinese government

Chinese hackers are allegedly responsible for computer breaches at five European foreign ministries prior to this year’s G20 summit in September, according to independent research by computer security firm FireEye Inc.

A report released by the firm explains how government staff members were tricked into downloading malicious files masquerading as reports and documents, with names such as “US_military_options_in_Syria”. Instead, these files contained malicious code that hijacked the recipients’ computers.

Although FireEye did not detail which nations were targeted, the New York Times has named the countries as the Czech Republic, Portugal, Bulgaria, Latvia and Hungary. Strings of the code and webpages used in the attack were written in Chinese.

FireEye researcher Nart Villeneuve told the paper that although the attack could not be linked to any specific groups or individuals within China, the operation appeared to be state-affiliated: “Unlike other groups, which tend to attack commercial targets, this campaign specifically targeted ministries of foreign affairs,” he said.

The filenames used by the hackers also indicate their intent to infiltrate government targets: the 5-6 September G20 conference was dominated by talk of the Syrian crisis, and files that purportedly reported on the situation were more likely to be downloaded.

The California-based FireEye has said that its researchers gained access to the “inner workings” of the computer server that acted as a base of operations for the hackers. From this location the individuals snooped on government computers, but FireEye says they lost track of the criminals just as they prepared to steal actual data.

The internet security company says it had been following the group of unidentified hackers for several years, naming the gang “Ke3Chang” after the title of a component in one of their computer viruses.

Previous operations by the hackers included one during a summit meeting in Paris for G20 Finance ministers. This lured victims into downloading malware with promises that a file contained nude images of Carla Bruni, the French-Italian singer and wife of the French ex-President Nicolas Sarkozy.

“Beyond the fact they are Chinese, we don’t know who the attackers are or what their motivations might be,” Villeneuve told the New York Times.

FireEye say that they have reported the incident to the FBI, but neither American nor Chinese officials have yet issued any official statement.