Single server ties hacked diplomatic cables to Chinese cyberattacks worldwide
Researchers with the BlackBerry Cylance Threat Intelligence team have discovered that a previously uncovered Chinese hacking campaign targeting correspondence between European Union (EU) diplomats is related to a host of other campaigns by “disparate” Chinese hacking groups. The researchers found that the campaigns share a single command-and-control (C2) server and also use the same malware and exploit builders.
While some of the threat actors are linked to the cyber-military arm of the Chinese government and therefore engage in military campaigns, other hacking groups engage in cyberespionage operations for other Chinese government agencies. These campaigns target members of what the Chinese government refers to as “the Five Poisons,” i.e. Chinese activists, the Muslim minority of ethnic Uyghurs, Falun Gong practitioners, Tibetans, and supporters of Taiwanese independence.