Chinese hackers spied on Europe before G20 Summit, researchers say

Security researchers say that Chinese hackers monitored the computers of give European foreign ministries before the G20 Summit.
Written by Charlie Osborne, Contributing Writer

Chinese hackers infiltrated computer systems and eavesdropped on attendees at September's G20 Summit, according to new research.

Security experts at FireEye say that hackers infiltrated the ministry computers of five European attendees, as reported by Reuters. Malicious emails were sent to staff at each of the ministries which contained files with titles such as "US_military_options_in_Syria" -- a tempting lure considering how the Syrian crisis dominated the conference.

Once opened, the emails provided the channel for malicious code to be loaded on to the computers -- which became the conduit for the Chinese hackers to spy on ministry activity. According to the security firm, all of those affected are members of the European Union, but FireEye did not disclose individual names.

The Chinese hacking group has been named "Ke3chang" after the name of files used within some of the cybercriminals' malicious applications.

In late August, the researchers were able to monitor the "inner workings" of the computer server used to control the malware and move across infiltrated systems. However, FireEye lost its link to the hackers once they shifted their activities to a different server just before the G20 Summit took place in Russia. The firm said it believes the hackers moved the command center as they began preparations to steal data from the compromised systems.

The researchers involved in the project said that a number of technical markers point towards China as a source, such as the language used on the command center and machines used to test malicious code -- before firing off the phishing emails. However, there is no evidence to suggest a link to the Chinese government. FireEye researcher Nart Villeneuve said:

"The theme of the attacks was U.S. military intervention in Syria. That seems to indicate something more than intellectual property theft [...] the intent was to target those involved with the G20."

China has long denied accusations of using cyberattacks and malware for digital warfare. A number of infiltrations and attacks have been pointed at the Asian giant, including "consistent" attacks on media outlets such as the New York Times and Wall Street Journal. Chinese networking equipment makers ZTE and Huawei have also been accused of tampering with their products to provide conduits for cybercrime.

However, Du Yuejin, deputy CTO of national computer emergency response team (CERT) and coordination center of China says that the country is a victim of cybercrime, and "the misunderstanding against China should be eliminated and everyone must work together to fight against the real enemy."

A study conducted by the People's Public Security University of China says that in 2012, cybercrime cost the country $46.4 billion.

While China denies that it is responsible for such attacks, U.S. government officials believe cybercrime is more of a threat than terrorism -- despite Edward Snowden's revelations of the country using potentially illegal digital methods to spy on its own citizens and allies.

Editorial standards