Skip to main content

EU foreign ministries attacked by Chinese hackers ahead of G20 talks

A group of Chinese hackers reportedly infiltrated the computers of five European foreign ministries earlier this year.

According to security firm FireEye, a total of nine machines were hacked by a collective dubbed Ke3chang, which distributed emails with infected attachments to snare its targets.

This malware, which disguised itself as files detailing a possible intervention in Syria, was intended to attack figures that were to be involved in G20 discussions held in St Petersburg in September. The Syrian civil war was central to these talks.

FireEye said it was able to monitor one of a number of compromised computer servers for a week in August, during which no documents were seized by Ke3chang.

"At that stage it appeared to be about network reconnaissance," Narottama Villeneuve, a senior FireEye researcher, told the BBC.

China and much of the western world share a rocky relationship in the cyber-security realm. Despite multiple accusations of foul play directed at China by the US, the latter was recently named the most prolific source of cyber-attacks in the world.

"The hackers were based in China but it is difficult to determine from a technology point of view how or if it is connected to a nation state," said Villeneuve.

FireEye has not yet revealed which ministries were affected by the attack.

Image credit: Flickr (\!/_PeacePlusOne)