China Spied on Foreign Diplomats During G-20 Summit


European diplomats and ministries of foreign affairs have been targeted during recent G20 meetings by Chinese-speaking hackers conducting espionage campaigns using malware to siphon secrets from compromised computers.

According to Threatpost, the latest incidents came in August, when spear-phishing messages spiked with attachments promising information on U.S. military options in Syria zeroed in on diplomats and foreign ministers prior to the G20 Russia Summit in St. Petersburg in September.

Researchers at security company FireEye infiltrated a command and control server used in this campaign and observed communication between 21 compromised machines and the C&C server; nine of the compromised machines were beaconing back from ministries in five European countries and eight from ministries of foreign affairs. The remainder of the connections were made either by the attackers or security researchers.

Once on a victim’s machine, the attackers were able to use a variety of malicious code samples to steal not only data but also legitimate credentials, which let them move laterally on the victim’s networks, seeking more vulnerable systems and exposed data.

iHLS – Israel Homeland Security

The attacks, which FireEye said have been active since 2010, have also been used against targets in aerospace, energy, government, high tech, consulting and services, chemicals, manufacturing and mining industries. The lures have been target-specific as well; in separate campaigns, the London Olympics of 2012 as well as the promise of illicit photographs of French first lady Carla Bruni were themes.

The spear-phishing emails are laced with links to sites hosting malware downloads or malicious attachments—a cocktail of malicious screensavers, Java, Microsoft Word and Adobe PDF exploits, some dating back to 2010.

In addition to this summer’s G20 activity, the same campaign used the 2012 London Olympics as a theme, targeting a single chemical manufacturer with a phony PDF schedule of the Summer Games, and the 2011 Paris G20 Summit, that time promising nude pictures of Bruni, the wife of French president Nicolas Sarkozy.