Prior to the G20 summit in September, Chinese hackers targeted a series of European officials, according to a new report. Research firm FireEye claims that the hackers sent e-mails laced with malware
to the ministry computers of at least five European officials.
The infected e-mails were sent to the officials with titles such as "US_military_options_in_Syria." Since the e-mails had to be opened for the computer's to be infiltrated, the hackers disguised the e-mails as having information pertinent to what was then becoming a potential war in Syria.
Although the security researchers were able to follow the hackers before the G20 Summit, they eventually lost track as the hackers switched to a new server.
By switching servers, FireEye suspects that the hackers were able to more easily spy on the five European countries while the Summit was occurring. In August, the researchers were still able to figure out where the hackers were operating from and, in doing so, they confirmed that the hackers were operating within China.
Even though they eventually lost track of where the hacks originated, the researchers had enough information to determine that not only were the hackers from China but that they were searching for information regarding the G20 Summit and the topics that were going to be discussed.
The Chinese Government?
With the release of this report, many tech publications have fingered the Chinese government as a likely culprit in the attacks. Although the Chinese government has already worked to distance itself from the hackers, it makes sense that the government would be interested in otherwise private information that was being brought up before and during the G20 Summit.
Just as FireEye has been quiet regarding the European countries that were targeted in the attacks, it has also been unable to identify the hackers. According to the official report, the hackers appear to have been part of a group called "Ke3chang."
The attacks were only the most recent in a long string of attacks that have been confirmed as coming from China and targeting foreign governments. Whether or not the Chinese government has had any connection to the attacks has never actually been confirmed but the government has continued to adamantly deny involvement.
The one thing that has set this round of attacks apart from the rest is that even though the hackers were interested in the European Union nations, they did not target the United States.
As of now, the public is not being told which European countries were targeted in the hack. In addition, the researchers have been unable to actually determine who the hackers were.