Chinese hackers broke into computer systems of five European foreign ministries last September by sending an email containing infected files that loaded malicious code on the victims’ computers.
The attack, which supposedly took place before the G20 summit discussing the Syrian crisis, used emails with titles such as "US_military_options_in_Syria," exploiting the situation to trick the recipients. Once a recipient opened the attachment, malicious code was loaded on the victim's computer with the intention of giving the hackers access to sensitive data.
The information was revealed by FireEye, a California-based computer security company, which claims to have monitored the ‘inner workings’ of the main computer server used by the hackers for about a week in late August. FireEye eventually lost the connection after the hackers moved to another server shortly before the St. Petersburg summit. However, the researchers are certain the hackers were preparing to start stealing data just as they lost access.
According to the New York Times, computer systems of the foreign ministries of the Czech Republic, Portugal, Bulgaria, Latvia and Hungary were among those successfully targeted.
FireEye said it had been following the group, dubbed Ke3chang, for several years, but this was the first occasion on which it had managed to document the group’s activities. The experts believe the group is Chinese because of the language and technology it uses, though they don’t have any hard evidence to prove the suspicion. There is also no evidence as to whether the group might be connected to the government of China.
"All we have is technical data. There is no way to determine that from technical data," said Nart Villeneuve, one of the researchers working on the report.
FireEye said it reported the attacks to the victims through the Federal Bureau of Investigation. However, the FBI’s spokesperson, Jenny Shearer, declined to comment.
"The theme of the attacks was US military intervention in Syria," said Villeneuve. "That seems to indicate something more than intellectual property theft... The intent was to target those involved with the G20."
The spokesman of China’s Foreign Ministry rejected the claim that the country’s government could have any links to the criminal hacking groups.
"US Internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible," the spokesman told a daily news briefing in Beijing.
Western cyber security firms monitor several hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.
China has long denied those allegations, saying it is the victim of spying by the United States. Those claims gained some credibility after former National Security Agency contractor Edward Snowden began leaking documents about US surveillance of foreign countries, including China.