Computer breaches at the foreign ministries of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary have been traced to Chinese hackers.
The attacks, which began in 2010, are continuing, according to a report scheduled to be released yesterday by FireEye, a computer security company in Milpitas, California.
Though researchers do not name the hackers’ targets in the report, the New York Times identified the foreign ministries through e-mail addresses listed on the attackers’ Web page.
A person with knowledge of the investigation, who was not authorized to speak publicly, confirmed that the foreign ministries of the five countries had been breached.
Even as revelations by Edward Snowden about surveillance conducted by the US National Security Agency and its intelligence partners dominate attention, the FireEye report is a reminder that Chinese hackers continue to break into the computer systems of governments and firms using simple, e-mail-based attacks.
The FireEye report does not link the attacks to a specific group in China, but security experts say the list of victims points to a state-affiliated campaign.
“Unlike other groups, which tend to attack commercial targets, this campaign specifically targeted ministries of foreign affairs,” said Nart Villeneuve, the researcher who helped lead FireEye’s efforts.
Last year, Villeneuve, then a researcher at Trend Micro, a security company in Tokyo, traced a series of attacks on firms in Japan and India, as well as Tibetan activists, to a former graduate student at Sichuan University who had joined Tencent, China’s leading Internet company.
Villeneuve said the current hacks are highly selective. Researchers first began tracking the campaign — which they call “Ke3Chang” after a reference buried in the malware code — in 2011. That October, various G20 finance ministers were targeted during a G20 meeting in Paris.
The attackers sent their targets e-mails with a link that claimed to contain naked photos of Carla Bruni-Sarkozy, wife of former French president Nicolas Sarkozy. Once a target clicked the link, the attackers were able to gain a foothold in that target’s computer network, though investigators said they were unable to see which files the attackers had taken.
The closest they came was in August when FireEye’s researchers were able to infiltrate one of the group’s 23 command-and-control servers for one week. They could see that the server had breached 21 targets, including government ministries in the five European countries.
They watched as attackers mapped out victims’ computer networks, searching for users with privileged access who would allow them entry into the computers of high-value targets.
That glimpse gave researchers a rare window into the attackers’ techniques and clues to their origin. Their malware contained Chinese character strings, and one Web page used to compromise computers was written in Chinese. They also tested their malware on several machines that used the Chinese language as the default setting.
“Beyond the fact they are Chinese, we don’t know who the attackers are or what their motivations might be,” Villeneuve said.
Chinese Ministry of Foreign Affairs officials have said China does not sanction hacking, and is itself a victim of hacking attacks.