Secret EU diplomatic cables exposed during hack
Security firm Area 1 says it discovered a hacking campaign that hit as many as 100 different targets dating back to 2010, including the European Union's secure COREU network — attacks Area 1 attributes to the Chinese government. In the course of the hacking, data, including diplomatic cables, were posted to a public website.
Why it matters: Though the website was not intended for the public to find, its existence meant that anyone who found that site gained access to the documents — including any of the 100 largely public policy-based victims who may have pulled the threads of their own attack.
China appears to be the culprit, according to Area 1's report, because malware, internet addresses and domain registration used in the hack match earlier known Chinese attacks. The victims chosen and data exfiltrated also demonstrate interests like the South China Sea and other topics of relevance to China.
Details: The operation was able to exist so long without being uncovered because the many victims did not employ defenses typical for military or business targets, said Oren Falkowitz, CEO of Area 1.
- "The campaign was able to go so long without being noticed because it was particularly focused on policy-based data and, as a result, some of the organizations were not very well-protected."
- The hackers entered through a phishing attack and used techniques and malware to move around the network that were effective, yet not technologically advanced.
- The campaign was focused on espionage, not the theft of intellectual property. IP theft is often a hallmark of Chinese hacking.