Chinese pry open European networks with Syria tease

Cyber espionage; Spearphishing

Ahead of this fall's G20 Summit in St. Petersburg, Russia, hackers from China reportedly poked around in the computers of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary.

The conversation during the meeting was dominated by the Syrian crisis.

To trick ministry staff into opening up their systems, the Chinese hackers sent emails containing infected attachments such as "US_military_options_in_Syria."

When clicked, the files downloaded malicious code onto the recipients' machines.

For about a week in late August, California-based FireEye researchers were able to monitor the main computer server used by the hackers.

"The theme of the attacks was U.S. military intervention in Syria," FireEye researcher Nart Villeneuve said. "That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20."

Villeneuve said he was confident the attackers were Chinese because of the language used on their control server and the machines that they used to test their malicious code, among other evidence.

The researchers did not discover clues linking the hackers to the Chinese government.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.


Government (Foreign)


December 10, 2013

reported by


number affected


location of breach



Chinese Hackers

location of perpetrators


date breach occurred

August 2013 through Sept. 2013

date breach detected

August 2013