Chinese hackers shift focus from US tech majors


by CBR Staff Writer| 08 July 2014

Professionals from the Middle East at major US think tanks were targeted amid escalating incidents in Iraq.

Chinese hacking group 'Deep Panda' has reportedly shifted its focus from American tech majors and financial institutions to key US think tanks that employ former high-level government officials.

An alleged affiliate of the Chinese government, the hacking group attacked professionals from the Middle East at major US think tanks in the midst of escalating internal security issues in Iraq, according to security firm CrowdStrike.

CrowdStrike chief technology officer Dmitri Alperovitch said that the individuals who are typically targeted at these institutions tend to be former senior government officials who still have lots of contacts within Western governments and, as such, their private correspondence is of extreme interest to these attackers.

"The intelligence services of these nation states are always on the lookout for any clues they may extract from such private communications that may give them an advanced insight into what options government policy makers are considering on particular issues of interest," Alperovitch added.

The Chinese hacking group had been gathering intelligence mainly on US policy in Southeast Asia, but has abruptly shifted direction and started gathering data about Iraq and Middle East policy, the report added.

"This is undoubtedly related to the recent Islamic State of Iraq and the Levant (ISIS) takeover of major parts of Iraq, and the potential disruption for major Chinese oil interests in that country," Alperovitch said.

"In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq's oil sector.

"Thus, it wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq.

"In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."

As part of the latest attacks, the hackers exploited a vulnerability in Windows and deployed PowerShell scripts as scheduled tasks on Microsoft Windows computers.

"The scripts are passed to the powershell interpreter through the command line to avoid placement of extraneous files on the victim machine that could potentially trigger AV- or Indicator of Compromise (IOC)-based detection," Alperovitch added.
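For defenders, the behaviour described above (a scheduled task whose action hands the script to PowerShell on the command line instead of pointing at a file) can be hunted for in an export of task actions. The sketch below is an added example, not code from CrowdStrike or from this article; the task names and command lines are constructed sample data, and it only inspects explicit switches, not scripts passed positionally.

```python
import re

# Matches the interpreter name, with or without a path, ".exe" or a closing quote.
PS_EXE = re.compile(r'\bpowershell(?:\.exe)?\b"?', re.IGNORECASE)

def _is(switch, full, aliases=()):
    # powershell.exe accepts a prefix of a parameter name (-c, -enc, -f ...).
    return bool(switch) and (switch in aliases or full.startswith(switch))

def classify_action(cmdline):
    """Return 'encoded', 'inline', 'file', 'other', or None if not PowerShell."""
    m = PS_EXE.search(cmdline)
    if not m:
        return None
    for tok in cmdline[m.end():].split():
        if tok[0] not in "-/":
            continue  # a switch value such as "Bypass", not a switch
        name = tok[1:].lower()
        # The first of these three switches decides; what follows is the script.
        if _is(name, "encodedcommand", aliases=("ec",)):
            return "encoded"
        if _is(name, "command"):
            return "inline"
        if _is(name, "file"):
            return "file"
    return "other"

def find_fileless(tasks):
    """Keep tasks whose PowerShell script lives only in the command line."""
    hits = []
    for name, action in tasks:
        kind = classify_action(action)
        if kind in ("encoded", "inline"):
            hits.append((name, kind))
    return hits

# Constructed sample: (task name, action command line).
SAMPLE_TASKS = [
    (r"\Corp\NightlyBackup",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
     r"-NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
    (r"\Updater", "powershell.exe -nop -enc <BASE64-PLACEHOLDER>"),
    (r"\Telemetry", 'powershell -NonInteractive -c "Get-Date | Out-Null"'),
    (r"\Defrag", r"C:\Windows\System32\defrag.exe -c -h"),
]

if __name__ == "__main__":
    for task, kind in find_fileless(SAMPLE_TASKS):
        print(f"{task}: PowerShell script passed on command line ({kind})")
```

Hits are leads for review rather than verdicts, since legitimate administration tasks also use inline commands.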

Having experienced such attacks, the think tanks are working to thwart similar ones in future, while Deep Panda will reportedly continue to target such organisations.
