Middle East experts at major US think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm working with the institutions.
The group behind the breaches, called "Deep Panda" by security researchers, appears to be affiliated with the Chinese government, said Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones had been breached.
Alperovitch said the firm noticed a "radical" shift in Deep Panda's focus on June 18, the same day witnesses reported that Sunni extremists had seized Iraq's largest oil refinery.
The Chinese group has focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.
This latest breach follows a pattern identified by experts of Chinese cyberspies targeting major Washington institutions, including think tanks and law firms. It's rarely clear why Chinese cyberspies hack specific American targets, but experts say there are a few clues to why Deep Panda may have been interested in Middle East experts at think tanks.
China's Foreign Ministry repeated that the government opposed hacking and dismissed the report.
"Some US internet security firms ignore the US threat to the internet and constantly seize upon the so-called China internet threat. The evidence they produce is fundamentally untrustworthy and unworthy of comment," spokesman Hong Lei said.
China's need for natural resources has skyrocketed along with its economic profile, and the country has increasingly turned to the Middle East to fuel its energy needs. China surpassed the US as the world's largest net importer of petroleum and other liquid fuels last September, according to the US Energy Information Administration. In Iraq, China is a major oil investor.
"It wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper US military involvement that could help protect the Chinese oil infrastructure in Iraq," writes Alperovitch in a post on his company's blog.
Experts say that breaking into organisations like think tanks can give adversaries access to sensitive communications about international strategy - and potentially allow them to use compromised e-mail accounts to get at other targets.
"If you can go after these indirect targets that have some of the information, or you can see who they are communicating with, you build up a lot of intelligence," said Benjamin Johnson, a former National Security Agency employee who now works at the cybersecurity firm Bit9.
Alperovitch says the digital signatures of the group behind the attack, Deep Panda, indicate it is affiliated with the Chinese government. "We have attribution details leading us to believe it is operating out of China and traditionally goes after things of interest to Chinese state-owned enterprises and foreign relations information relevant to the Chinese government."