Chinese hackers accused of targeting US defence firms linked to South China Sea
Cybersecurity group says companies were targeted for information that could prove useful for Beijing in disputed maritime waters
Chinese hackers launched a wave of attacks on mainly US engineering and defence companies linked to the disputed South China Sea, the cybersecurity firm FireEye claimed on Friday.
The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a US-based provider of network protection systems.
The hackers have focused on US maritime entities that were either linked to – or have clients operating in – the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.
“They are going after data that can be used strategically, so it is in line with state espionage,” said Plan, whose firm has tracked the group since 2013.
“A private entity probably wouldn’t benefit from the sort of data that is being stolen.”
The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said.
The surge in attacks picked up pace last month and was ongoing.
While FireEye traced the group’s attacks to China, the firm hasn’t confirmed any link to Chinese government entities or facilities. FireEye declined to name any targets.
Although most were based in the US, organisations in Europe and at least one in Hong Kong were also affected, the firm said.
The Chinese Ministry of Foreign Affairs in Beijing did not immediately respond to a request for comment on Friday.
Plan said suspected Chinese cyberattacks on US targets had increased in recent months, after both sides agreed not to attack civilian entities in 2015.
The deal to tamp down economic espionage was hammered out between Barack Obama’s administration and President Xi Jinping.
The US indicted five Chinese military officials in 2014 on charges that they stole trade secrets from companies including Westinghouse Electric Co and United States Steel Corp after hacks were detected by Mandiant, a unit of FireEye.
China denies the charges and argues the country is a victim rather than an instigator of cybersecurity attacks.
The data sought in the latest incidents could be used, for instance, to determine how closely a vessel could sail to a geographical feature, Plan said.
“It is definitely the case that they can use this information for strategic decision-making,” he said.
The US Navy sometimes conducts so-called freedom of navigation operations to challenge Chinese claims to more than 80 per cent of the South China Sea, one of the world’s busiest trading routes. China has reclaimed some 3,200 acres (1,290 hectares) of land in the waters and built ports, runways and other military infrastructure on seven artificial features it has created.
China has been involved in other attacks related to the South China Sea. In 2015, during a week-long hearing on a territorial dispute in the water, Chinese malware attacked the website of the Permanent Court of Arbitration in The Hague, taking it offline.
The latest attacks were carried out using a variety of techniques including “spear-phishing,” in which emails with links and attachments containing malware are used to open back doors into computer networks.
In some examples, the emails were made to look as if they originated from a “big international maritime company,” Plan said.
FireEye said in a separate report that government offices, media and academic institutions have been attacked, along with engineering and defence companies. Plan declined to comment when asked whether the US Navy was among the targets.
“Given the type of organisations that have been targeted – the organisations and government offices – it is most likely the case that TEMP.Periscope is operating on behalf of a government office,” Plan said.