Gmail accounts belonging to high-ranking US government officials have been targeted in malware and phishing attacks from China, according to Google.
Gmail accounts belonging to high-ranking US government officials have been targeted in malware and phishing attacks from China, Google has said. Photo credit: Geoff S/Flickr
The cyber-espionage attacks originated from Jinan, and attempted to get passwords by trying to trick users with phishing scams, or by hacking other websites for passwords, Google said in a blog post on Wednesday. Once hacked, the passwords could be re-used, as people often use the same passwords for multiple sites.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," said the blog post.
The Jinan area is home to one of the People's Liberation Army (PLA) technical reconnaissance bureaus (TRBs), according to a US-China Economic and Security Review Commission report. The PLA has at least six TRBs, located in the Jinan, Lanzhou, Chengdu, Guangzhou and Beijing military regions. The TRBs are tasked with collecting signals intelligence against tactical and strategic targets, according to the report (PDF).
Google noticed the attack through its cloud-based security and abuse detection systems, as well as user reports and a report by Washington DC-based security researcher Mila Parkour. The attack against Gmail and Yahoo Mail was directed at people associated with political affairs and the military, Parkour said on her Contagio blog in February. Target recipients included government and non-government employees working on defence, political affairs and national security, as well as defence and military personnel, said Parkour.
Google said in a statement on Thursday that it did not know whether the Chinese government had been involved in the attacks.
"We believe that this campaign to steal users' passwords originated from Jinan, China. We can't say for sure who is responsible," said a Google spokesman. "We have more than 500 employees and hundreds of partners in China and we plan to continue to work there."
The UK Chinese embassy declined to comment on Thursday. However, the Chinese foreign ministry told the BBC on Thursday that it was "unacceptable" to blame China.
Relations between Google and the Chinese government have been strained since Google publicised a Chinese cyberattack in January 2010. In March 2010 Google stopped censoring its search results in China, redirecting users to Hong Kong. In March 2011 Google blamed China for Gmail disruptions, which the government said was "unacceptable".
China is itself a victim of hackers, UK Chinese Ambassador Liu Xiaoming told the EastWest Institute Cyber Security Conference in London on Wednesday.
In 2010, the Chinese National Computer Emergency Response Team (CNCERT) report said that out of nearly 480,000 Trojan server IP addresses found, 221,000 were outside China. Chinese authorities found 13,782 zombie server IP addresses, with 6,531 of those outside China.
"It is therefore not factual to claim that hackers originate from China, nor is it conducive to international co-operation in cybersecurity," said Liu.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.