Computer breaches at the foreign ministries of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary have been traced to Chinese hackers.
The attacks, which began in 2010, are continuing, according to a report scheduled to be released yesterday by FireEye, a computer security company in Milpitas, California.
Though researchers do not name the hackers’ targets in the report, the New York Times identified the foreign ministries through e-mail addresses listed on the attackers’ Web page.
A person with knowledge of the investigation, who was not authorized to speak publicly, confirmed that the foreign ministries of the five countries had been breached.
Even as revelations by Edward Snowden about surveillance conducted by the US National Security Agency and its intelligence partners dominate attention, the FireEye report is a reminder that Chinese hackers continue to break into the computer systems of governments and firms using simple, e-mail-based attacks.
The FireEye report does not link the attacks to a specific group in China, but security experts say the list of victims points to a state-affiliated campaign.
“Unlike other groups, which tend to attack commercial targets, this campaign specifically targeted ministries of foreign affairs,” said Nart Villeneuve, the researcher who helped lead FireEye’s efforts.
Last year, Villeneuve, then a researcher at Trend Micro, a security company in Tokyo, traced a series of attacks on firms in Japan and India, as well as Tibetan activists, to a former graduate student at Sichuan University who had joined Tencent, China’s leading Internet company.
Villeneuve said the current hacks are highly selective. Researchers first began tracking the campaign — which they call “Ke3Chang” after a reference buried in the malware code — in 2011. That October, various G20 finance ministers were targeted during a G20 meeting in Paris.
The attackers sent their targets e-mails with a link that claimed to contain naked photos of Carla Bruni-Sarkozy, wife of former French president Nicolas Sarkozy. Once clicked, attackers were able to gain a foothold into their targets’ computer networks, though investigators said they were unable to see which files the attackers had taken.
The closest they came was in August when FireEye’s researchers were able to infiltrate one of the group’s 23 command-and-control servers for one week. They could see that the server had breached 21 targets, including government ministries in the five European countries.
They watched as attackers mapped out victims’ computer networks, searching for users with privileged access who would allow them entry into the computers of high value targets.
That glimpse gave researchers a rare window into the attackers’ techniques and clues to their origin. Their malware contained Chinese character strings and one Web page used to compromise computers was written in Chinese. They also used several machines to test their malware which used the Chinese language as the default setting.
“Beyond the fact they are Chinese, we don’t know who the attackers are or what their motivations might be,” Villeneuve said.
Chinese Ministry of Foreign Affairs officials have said China does not sanction hacking, and is itself a victim of hacking attacks.
Republican US lawmakers on Friday criticized US President Joe Biden’s administration after sanctioned Chinese telecoms equipment giant Huawei unveiled a laptop this week powered by an Intel artificial intelligence (AI) chip. The US placed Huawei on a trade restriction list in 2019 for contravening Iran sanctions, part of a broader effort to hobble Beijing’s technological advances. Placement on the list means the company’s suppliers have to seek a special, difficult-to-obtain license before shipping to it. One such license, issued by then-US president Donald Trump’s administration, has allowed Intel to ship central processors to Huawei for use in laptops since 2020. China hardliners
Conjoined twins Lori and George Schappell, who pursued separate careers, interests and relationships during lives that defied medical expectations, died this month in Pennsylvania, funeral home officials said. They were 62. The twins, listed by Guinness World Records as the oldest living conjoined twins, died on April 7 at the Hospital of the University of Pennsylvania, obituaries posted by Leibensperger Funeral Homes of Hamburg said. The cause of death was not detailed. “When we were born, the doctors didn’t think we’d make 30, but we proved them wrong,” Lori said in an interview when they turned 50, the Philadelphia Inquirer reported. The
RAMPAGE: A Palestinian man was left dead after dozens of Israeli settlers searching for a missing 14-year-old boy stormed a village in the Israeli-occupied West Bank US President Joe Biden on Friday said he expected Iran to attack Israel “sooner, rather than later” and warned Tehran not to proceed. Asked by reporters about his message to Iran, Biden simply said: “Don’t,” underscoring Washington’s commitment to defend Israel. “We are devoted to the defense of Israel. We will support Israel. We will help defend Israel and Iran will not succeed,” he said. Biden said he would not divulge secure information, but said his expectation was that an attack could come “sooner, rather than later.” Israel braced on Friday for an attack by Iran or its proxies as warnings grew of
A prominent Christian leader has allegedly been stabbed at the altar during a Mass yesterday in southwest Sydney. Bishop Mar Mari Emmanuel was saying Mass at Christ The Good Shepherd Church in Wakeley just after 7pm when a man approached him at the altar and allegedly stabbed toward his head multiple times. A live stream of the Mass shows the congregation swarm forward toward Emmanuel before it was cut off. The church leader gained prominence during the COVID-19 pandemic, amassing a large online following, Officers attached to Fairfield City police area command attended a location on Welcome Street, Wakeley following reports a number