UK Think Tanks Hacked by Groups in China

Some UK think tanks were hacked by China-based groups last year, a US cybersecurity company which said it investigated the breaches has claimed. Crowdstrike said it saw the repeated targeting of think tanks specialising in international security and defence issues, beginning in April 2017.

The group also investigated a breach of the US Democratic National Committee, allegedly by Russian hackers, in 2016.

The BBC understands that not all of the UK think tanks targeted were breached. A number of think tanks contacted by the BBC declined to comment, although Crowdstrike said it was called in by some to respond to hack attacks.

It attributes the attacks to groups they call "Panda", which Crowdstrike said are based in China and linked to the Chinese state.

Crowdstrike said Chinese cyber activity increased in 2017 across the world after a relative lull, most likely when cyber actors focused more on domestic issues.

Previously, the California-based group was asked by the Democratic National Committee to investigate US election hacking in the spring of 2016.

Very Influential

Globally, law firms, universities and technology companies were targeted in the early summer of 2017 - while in the UK think tanks were hit.

Dmitri Alperovitch, Crowdstrike's co-founder and chief technology officer, told the BBC that a number of think tanks that work on Chinese policy were targeted "very aggressively".

He said those behind the attacks were trying to steal reports - but also any information about connections to government.

"They do believe the think tanks are very influential both in the US and UK," he said. "They believe that they may have access to information which is not public.

"In some cases that can be true, because you do have a lot of informal channels that these think tank people will have with government officials."

The company's Global Threat Report for 2018 also stated that cyber attackers "stole data after targeting executives and research fellows".

According to a copy of the report provided to the BBC, the victims included "researchers specialising in nuclear policy and the South China Sea, as well as event coordinators responsible for planning an annual security forum."

Trade Links

The UK's focus on increasing trade with China could also be a motivation, Mr Alperovitch said.

"The UK government is trying to forge closer ties with China in terms of trade," he said.

"That's always of interest to the Chinese government, particularly when the US government is taking a hard line."

He added: "They have been very successful at compromising these organisations."

Mr Alperovitch said Crowdstrike would be brought in after an attack to help investigate, "clean up" and protect the organisations going forward. The company said that even after the Chinese hackers were kicked out, they would try to get back in.

Investigators in the US have in the past charged suspected Chinese hackers

In its report, Crowdstrike said in October 2017 its team noticed a change in tactics - when a Chinese group installed a particular piece of malware on the network of one of the think tanks targeted.

One day later, the same behaviour was observed at a second think tank. The infrastructure used in the attack was also similar to that used to target a southeast Asian telecommunications company around the same time, Crowdstrike said.

The company described the attempts to target victims in different countries and industries, as well as re-using different tools, as "pervasive and brash".

BBC

You Might Also Read: 

Chinese Hacker Groups Shift Focus To India:

UK Under Attack By Russian & Chinese State Sponsored  Hackers:

 

« Which Phishing Messages Have A Near 100% Click Rate?
Cyber Criminals Catch Up With Nation-States »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Oppida

Oppida

Oppida provides tailored IT security services to help you identify security gaps and assist in finding the most effective remediation.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Trisul Network Analytics

Trisul Network Analytics

Trisul helps organizations deploy full spectrum deep network monitoring which can serve as a single source of truth for performance monitoring, security analytics, threat detection and compliance.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Consortium

Consortium

Consortium goes beyond products and promises by working with enterprises to identify, acquire, and deploy cybersecurity solutions that matter.