Chinese hackers breached email servers of foreign ministers as part of a years-long effort targeting the communications of diplomats around the world, according to researchers at the cybersecurity firm Palo Alto Networks Inc.
Attackers accessed Microsoft Exchange email servers, gaining the ability to search for information at some foreign ministries, said the team at Unit 42, the threat intelligence division of Palo Alto Networks, which has been tracking the group for nearly three years.
Hackers specifically searched in the email servers for key terms related to a China-Arab summit in Riyadh, Saudi Arabia, in 2022, said Lior Rochberger, senior researcher at the company. They also searched for names including Chinese President Xi Jinping and his wife, Peng Liyuan, in the context of that summit, the researchers said.
The researchers declined to specifically identify which countries had their systems breached in the hacking campaign, but wrote in the report that the group’s targeting patterns “align consistently with the People’s Republic of China (PRC) economic and geopolitical interests.”
Palo Alto Networks said the cyber-espionage unit’s operations frequently coincide with major world events, but stopped short of saying definitively that the hackers are sponsored by the Chinese government.
“When I found them searching for specific diplomatic keywords and then exfiltrating emails from embassies and military operations, I realized this was a serious intelligence collection effort,” Rochberger said.
The company refers to the hacking group as Phantom Taurus.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, said that hacking is a problem for all countries, including China, and that the country opposes all forms of cyberattacks.
“Cyberspace is highly virtual, difficult to trace, and involves a diverse range of actors,” he said. “Tracing the source of cyberattacks is a complex technical issue that requires solid and full evidence.”
The report is the latest by cyber researchers who have warned that Chinese hackers are aggressively targeting industries across the world. Alphabet Inc.’s Google said on September 24 that a Chinese group compromised US technology companies. Earlier in September, suspected attackers impersonated the Republican chair of the House Select Committee on China in a series of attempts to steal sensitive data on trade negotiations, according to the committee.
Many of Phantom Taurus’ breaches had a “tight correlation to specific geopolitical events or military maneuvers,” Assaf Dahan, director of threat intelligence at Palo Alto Networks, said in an interview. Other espionage activities sought information related to countries including Afghanistan and Pakistan, according to the report.
Photo: Microsoft signage is displayed outside a Microsoft Technology Center in New York. Photographer: Jeenah Moon/Bloomberg