Chinese spies targeted American and British firms by hacking employees' favourite websites

PUBLISHED: Friday, 07 August, 2015, 7:46am
UPDATED: Sunday, 09 August, 2015, 9:12pm

A Chinese hacking group managed to compromise the networks of 50 companies in the United Kingdom and the United States by going after websites that staff visited regularly. 

By using so-called "watering hole" attacks, hackers were able to manipulate websites that users trusted or visited frequently in order to deliver malware to their targets. 

Targets included the Embassy of Russia in Washington D.C. and Spanish defence company Amper.

More than 100 websites were taken advantage of in this fashion, according to experts at Dell SecureWorks, who revealed their findings during a talk this week at the Black Hat hacking conference in Las Vegas.

SecureWorks has been tracking the group, which it dubbed "Emissary Panda", for more than two years. 

Emissary Panda is "far from cuddly", they said, having targeted websites across the world for cyber espionage and data theft.

Having set their sights on a particular set of information within a victim organisation "they would steal every file relating to the project or projects, but not extract any other files, further staying under the radar", SecureWorks said.

It added that the group could be tied to China due to a specific type of malware it uses that has been linked to Chinese hackers. The time zone also fits the period when the group used Chinese search engine Baidu to carry out reconnaissance. 

As well as industrial espionage, Emissary Panda targeted groups critical of China. 

It targeted a cultural website for Uyghurs, the ethnic minority that has for years been causing unrest in China’s westernmost Xinjiang province in a bid to separate from the rest of the country. 

China has accused Uyghurs of terrorist activities, and the group was likely gathering intelligence on dissidents and exiles in the region.

In recent months, the world has seen a slew of hacking attacks by groups linked to China. 

Last week, United Airlines revealed that its servers had been breached by the same group believed to be responsible for another cyber attack on a US government department, which resulted in the hackers making off with millions of federal workers' personal information. 

Hong Kong has not been exempt from such attacks. 

According to US cybersecurity firm FireEye, the city is the number one target for hackers in the Asia Pacific region.