UK Think Tanks Hacked by Groups in China

Uploaded on 2018-03-09 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, TECHNOLOGY--Hackers

Some UK think tanks were hacked by China-based groups last year, a US cybersecurity company which said it investigated the breaches has claimed. Crowdstrike said it saw the repeated targeting of think tanks specialising in international security and defence issues, beginning in April 2017.

The group also investigated a breach of the US Democratic National Committee, allegedly by Russian hackers, in 2016.

The BBC understands that not all of the UK think tanks targeted were breached. A number of think tanks contacted by the BBC declined to comment, although Crowdstrike said it was called in by some to respond to hack attacks.

It attributes the attacks to groups they call "Panda", which Crowdstrike said are based in China and linked to the Chinese state.

Crowdstrike said Chinese cyber activity increased in 2017 across the world after a relative lull, most likely when cyber actors focused more on domestic issues.

Previously, the California-based group was asked by the Democratic National Committee to investigate US election hacking in the spring of 2016.

Very Influential

Globally, law firms, universities and technology companies were targeted in the early summer of 2017 - while in the UK think tanks were hit.

Dmitri Alperovitch, Crowdstrike's co-founder and chief technology officer, told the BBC that a number of think tanks that work on Chinese policy were targeted "very aggressively".

He said those behind the attacks were trying to steal reports - but also any information about connections to government.

"They do believe the think tanks are very influential both in the US and UK," he said. "They believe that they may have access to information which is not public.

"In some cases that can be true, because you do have a lot of informal channels that these think tank people will have with government officials."

The company's Global Threat Report for 2018 also stated that cyber attackers "stole data after targeting executives and research fellows".

According to a copy of the report provided to the BBC, the victims included "researchers specialising in nuclear policy and the South China Sea, as well as event coordinators responsible for planning an annual security forum."

Trade Links

The UK's focus on increasing trade with China could also be a motivation, Mr Alperovitch said.

"The UK government is trying to forge closer ties with China in terms of trade," he said.

"That's always of interest to the Chinese government, particularly when the US government is taking a hard line."

He added: "They have been very successful at compromising these organisations."

Mr Alperovitch said Crowdstrike would be brought in after an attack to help investigate, "clean up" and protect the organisations going forward. The company said that even after the Chinese hackers were kicked out, they would try to get back in.

Investigators in the US have in the past charged suspected Chinese hackers

In its report, Crowdstrike said in October 2017 its team noticed a change in tactics - when a Chinese group installed a particular piece of malware on the network of one of the think tanks targeted.

One day later, the same behaviour was observed at a second think tank. The infrastructure used in the attack was also similar to that used to target a southeast Asian telecommunications company around the same time, Crowdstrike said.

The company described the attempts to target victims in different countries and industries, as well as re-using different tools, as "pervasive and brash".

BBC

You Might Also Read: 

Chinese Hacker Groups Shift Focus To India:

UK Under Attack By Russian & Chinese State Sponsored  Hackers:

 

« Which Phishing Messages Have A Near 100% Click Rate?
Cyber Criminals Catch Up With Nation-States »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

DAtAnchor

DAtAnchor

Anchor is simply a better way to protect and control sensitive data. Zero-trust, data-centric security. Simplified.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).