Chinese hacking group 'Deep Panda' has reportedly shifted its focus from American tech majors and financial institutions to key US think tanks that employ former high-level government officials.
An alleged affiliate of the Chinese government, the hacking group attacked professionals from the Middle East at major US think tanks amid escalating internal security issues in Iraq, according to security firm CrowdStrike.
CrowdStrike chief technology officer Dmitri Alperovitch said that the individuals who are typically targeted at these institutions tend to be former senior government officials who still have lots of contacts within Western governments and, as such, their private correspondence is of extreme interest to these attackers.
"The intelligence services of these nation states are always on the lookout for any clues they may extract from such private communications that may give them an advanced insight into what options government policy makers are considering on particular issues of interest," Alperovitch added.
The Chinese hacking group had been gathering intelligence mainly on US policy in Southeast Asia, but has abruptly shifted direction and started gathering data about Iraq and Middle East policy, the report added.
"This is undoubtedly related to the recent Islamic State of Iraq and the Levant (ISIS) takeover of major parts of Iraq, and the potential disruption for major Chinese oil interests in that country," Alperovitch said.
"In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq's oil sector.
"Thus, it wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq.
"In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
As part of the latest attacks, hackers exploited a vulnerability in Windows and deployed PowerShell scripts as scheduled tasks on Microsoft Windows computers.
"The scripts are passed to the powershell interpreter through the command line to avoid placement of extraneous files on the victim machine that could potentially trigger AV- or Indicator of Compromise (IOC)-based detection," Alperovitch added.
Having experienced these attacks, the think tanks are working to thwart similar attacks in future, while Deep Panda will reportedly continue to target such organisations.
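A defensive check for the technique described above, as an added example that is not from CrowdStrike or the original article: it scans scheduled-task actions for PowerShell started with an inline or encoded script instead of a script file, and decodes the script for review. The record fields (`name`, `execute`, `arguments`) and every sample task are constructed for illustration; treating `-Command` and `-EncodedCommand` as the way a script reaches the interpreter on the command line is an assumption of this example.

```python
import base64
import re

# powershell.exe accepts abbreviated parameter names (-enc, -e, -c, ...).
ENC = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]+)")
CMD = re.compile(r"(?i)(?:^|\s)-c(?:om[a-z]*)?\s+(.+)")
PS_BINARY = re.compile(r"(?i)(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$")


def inline_powershell(execute, arguments):
    """Return the inline script if the action runs PowerShell without a file, else None."""
    if not PS_BINARY.search(execute.strip('"')):
        return None
    m = ENC.search(arguments)
    if m:
        try:
            # -EncodedCommand carries base64 of a UTF-16LE string.
            return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
        except ValueError:  # bad base64 or bad UTF-16: still worth an analyst's look
            return "<undecodable -EncodedCommand payload>"
    m = CMD.search(arguments)
    return m.group(1).strip() if m else None


def scan(tasks):
    """Return (task name, script text) for every task that runs an inline script."""
    hits = []
    for task in tasks:
        script = inline_powershell(task["execute"], task["arguments"])
        if script is not None:
            hits.append((task["name"], script))
    return hits


# Constructed sample data (hypothetical task names, harmless payload).
_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_TASKS = [
    {"name": r"\Constructed\Updater", "execute": "powershell.exe",
     "arguments": f"-NoP -NonI -W Hidden -Enc {_B64}"},
    {"name": r"\Constructed\Clock", "arguments": '-NoProfile -Command "Get-Date"',
     "execute": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"name": r"\Constructed\Backup", "execute": "powershell.exe",
     "arguments": r"-ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"name": r"\Constructed\Defrag", "execute": r"C:\Windows\System32\defrag.exe",
     "arguments": "C: /O"},
]

if __name__ == "__main__":
    for name, script in scan(SAMPLE_TASKS):
        print(f"{name}: {script}")
```

Tasks that run a script file or a non-PowerShell binary are not reported, so the output is a short list for manual review and not a verdict.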