Chinese cyberspies have hacked Middle East experts at major U.S. think tanks

Middle East experts at major U.S. think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm that works with the institutions.

The group behind the breaches, called “DEEP PANDA” by security researchers, appears to be affiliated with the Chinese government, says Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones have been breached.

Alperovitch said the firm noticed a “radical” shift in DEEP PANDA’s focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.

China’s need for natural resources has skyrocketed along with its economic profile, and the country has increasingly turned to the Middle East to fuel its energy needs. China surpassed the U.S. as the world’s largest net importer of petroleum and other liquid fuels last September, according to the U.S. Energy Information Administration. In Iraq, China is a major oil investor.

“It wouldn’t be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq,” wrote Alperovitch in a company blog post.

Experts say that breaking into organizations like think tanks can give adversaries access to sensitive communications about international strategy – and potentially allow them to use compromised e-mail accounts to get at other targets: A phishing message coming from a trusted acquaintance at a prominent think tank that asks a user to download an attachment is more likely to succeed than a seemingly random e-mail.

“If you can go after these indirect targets that have some of the information, or you can see who they are communicating with, you build up a lot of intelligence,” explains Benjamin Johnson, a former National Security Agency employee who now works at cybersecurity firm Bit9.

The troubling implication of this is that pretty much everyone is a target, he says. “If you have a relationship with anyone who has something valuable in terms of information, you yourself are a target because it might be easier for them to go after you than the target directly,” Johnson explains.

“It’s similar to when companies are trying to do a merger, and an adversary might go after their law firm or accounting firm where a lot of information might be stored,” he added.

Experts say Chinese interest in U.S. think tanks is part of a larger information gathering strategy aimed at understanding how Washington works. Chinese officials often assume that think tanks and news outlets are being influenced by the U.S. government as their Chinese counterparts are by Beijing, these experts say.

Full article: Chinese cyberspies have hacked Middle East experts at major U.S. think tanks (The Washington Post)
