China hacking US firms linked to South China Sea dispute: FireEye


HONG KONG (BLOOMBERG) - Chinese hackers have launched a wave of attacks on mainly US engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc said.

The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a US-based provider of network protection systems.

The hackers have focused on US maritime entities that were either linked to - or have clients operating in - the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.

"They are going after data that can be used strategically, so it is in line with state espionage," said Plan, whose firm has tracked the group since 2013. "A private entity probably wouldn't benefit from the sort of data that is being stolen."

The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.


While FireEye traced the group's attacks to China, the firm has not confirmed any link to Chinese government entities or facilities. FireEye declined to name any targets. Although most were based in the US, organisations in Europe and at least one in Hong Kong were also affected, the firm said.

Ministry of Foreign Affairs spokesman Lu Kang told a briefing on Friday (March 16) in Beijing that China opposed all kinds of cyber attacks. "We will continue to implement the important consensus on cybersecurity reached in 2015," he said.

Plan said suspected Chinese cyber-attacks on US targets have picked up in recent months, after both sides agreed not to attack civilian entities.

The 2015 deal to tamp down economic espionage was hammered out between then-US President Barack Obama and President Xi Jinping.

The US indicted five Chinese military officials in 2014 on charges that they stole trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp. after hacks were detected by Mandiant, a unit of FireEye. China denies the charges and argues the country is a victim rather than an instigator of cybersecurity attacks.


Data sought in the latest incidents could be used, for instance, to determine how closely a vessel could sail to a geographical feature, Plan said. "It is definitely the case that they can use this information for strategic decision-making," he said.

The US Navy sometimes conducts so-called freedom of navigation operations to challenge Chinese claims to more than 80 per cent of the South China Sea - one of the world's busiest trading routes. China has reclaimed some 1,290 hectares of land in the waters and built ports, runways and other military infrastructure on seven artificial features it has created.

China has been involved in other attacks related to the South China Sea. In 2015, during a week-long hearing on a territorial dispute in the water, Chinese malware attacked the website of the Permanent Court of Arbitration in The Hague, taking it offline.

The latest attacks were carried out using a variety of techniques including "spear-phishing", in which emails with links and attachments containing malware are used to open back doors into computer networks.

In some examples, the emails were made to look as if they originated from a "big international maritime company", Plan said.

FireEye said in a separate report that government offices, media and academic institutions have been attacked, along with engineering and defence companies. Plan declined to comment when asked whether the US Navy was among the targets.

"Given the type of organisations that have been targeted - the organisations and government offices - it is most likely the case that TEMP.Periscope is operating on behalf of a government office," Plan said.
