UK Think Tanks Hacked by Groups in China

Uploaded on 2018-03-09 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, TECHNOLOGY--Hackers

Some UK think tanks were hacked by China-based groups last year, a US cybersecurity company which said it investigated the breaches has claimed. Crowdstrike said it saw the repeated targeting of think tanks specialising in international security and defence issues, beginning in April 2017.

The group also investigated a breach of the US Democratic National Committee, allegedly by Russian hackers, in 2016.

The BBC understands that not all of the UK think tanks targeted were breached. A number of think tanks contacted by the BBC declined to comment, although Crowdstrike said it was called in by some to respond to hack attacks.

It attributes the attacks to groups they call "Panda", which Crowdstrike said are based in China and linked to the Chinese state.

Crowdstrike said Chinese cyber activity increased in 2017 across the world after a relative lull, most likely when cyber actors focused more on domestic issues.

Previously, the California-based group was asked by the Democratic National Committee to investigate US election hacking in the spring of 2016.

Very Influential

Globally, law firms, universities and technology companies were targeted in the early summer of 2017 - while in the UK think tanks were hit.

Dmitri Alperovitch, Crowdstrike's co-founder and chief technology officer, told the BBC that a number of think tanks that work on Chinese policy were targeted "very aggressively".

He said those behind the attacks were trying to steal reports - but also any information about connections to government.

"They do believe the think tanks are very influential both in the US and UK," he said. "They believe that they may have access to information which is not public.

"In some cases that can be true, because you do have a lot of informal channels that these think tank people will have with government officials."

The company's Global Threat Report for 2018 also stated that cyber attackers "stole data after targeting executives and research fellows".

According to a copy of the report provided to the BBC, the victims included "researchers specialising in nuclear policy and the South China Sea, as well as event coordinators responsible for planning an annual security forum."

Trade Links

The UK's focus on increasing trade with China could also be a motivation, Mr Alperovitch said.

"The UK government is trying to forge closer ties with China in terms of trade," he said.

"That's always of interest to the Chinese government, particularly when the US government is taking a hard line."

He added: "They have been very successful at compromising these organisations."

Mr Alperovitch said Crowdstrike would be brought in after an attack to help investigate, "clean up" and protect the organisations going forward. The company said that even after the Chinese hackers were kicked out, they would try to get back in.

Investigators in the US have in the past charged suspected Chinese hackers

In its report, Crowdstrike said in October 2017 its team noticed a change in tactics - when a Chinese group installed a particular piece of malware on the network of one of the think tanks targeted.

One day later, the same behaviour was observed at a second think tank. The infrastructure used in the attack was also similar to that used to target a southeast Asian telecommunications company around the same time, Crowdstrike said.

The company described the attempts to target victims in different countries and industries, as well as re-using different tools, as "pervasive and brash".

BBC

You Might Also Read: 

Chinese Hacker Groups Shift Focus To India:

UK Under Attack By Russian & Chinese State Sponsored  Hackers:

 

« Which Phishing Messages Have A Near 100% Click Rate?
Cyber Criminals Catch Up With Nation-States »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

ESNC

ESNC

ESNC’s vulnerability management and real-time SAP security monitoring solutions help largest corporations in the world to effectively prioritize SAP security tasks and secure their business.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.