European Foreign Ministries Breached By Chinese Hackers

Attackers used information on the Syrian crisis as bait around the time of the G20 meeting in Russia

Foreign affairs ministries of European nations were targeted by Chinese hackers with Syria-themed attacks around the time of the G20 meeting in Russia, which focused on the war-torn country.

The Ke3chang group has been operational since 2010, but only started targeting foreign affairs departments of European governments in August this year, researchers from security firm FireEye said.

Having gained access to one of the 23 command and control servers used by the hackers, the researchers discovered 21 infected machines, nine of which were based in governments from five different European nations. They have not revealed the names of nations that were successfully penetrated.

Hackers compromise government networks

“The attackers have used three types of malware over the years and have traditionally targeted the aerospace, energy, government, high-tech, consulting services, and chemicals/manufacturing/mining sectors,” the FireEye report read.

“However, the number of attacks against entities in these sectors has been small. The scarcity of individual attacks may indicate the attackers are selective about their targets.”

To exploit their targets, the attackers used a Java zero-day vulnerability, and now-patched flaws in Microsoft Word and Adobe PDF Reader.

Back in 2011, the attackers used the theme of nude photos of the French prime minister’s wife, Carla Bruni, in their spear phishing attempts. Another campaign used information about the London Olympics as bait, and just after the event the attackers used a McAfee threat report as a lure.

FireEye said it believed the attackers were Chinese, as their control panel appeared to use Chinese characters, while in testing their malware they appeared to be using the Windows operating system with the default language set to Chinese.

“Attackers are able to successfully penetrate government targets using exploits for vulnerabilities that have already been patched and despite the fact that these ministries have defenses in place,” the report read.

“This illustrates the limitations of traditional defenses and highlights the need for security strategies that not only leverage advanced technologies designed to defend against targeted threats, but also the incorporation of threat intelligence and an incident response capability.”
