China hackers 'target EU foreign ministries'

Image caption: The researchers say they were able to observe the hackers for about a week

Chinese hackers spied on the computers of five European foreign ministries over the summer, according to research from US security company FireEye.

The hackers sent emails with malware-ridden attachments purporting to detail a possible US intervention in Syria.

The company has not revealed which ministries were targeted but said the malware samples were meant for individuals involved in the G20 talks.

In total nine computers had been compromised, the company told the BBC.

Network reconnaissance

The computers had been targeted in the run-up to the annual summit of the G20 group of nations - which includes China - in St Petersburg, Russia, in September, FireEye said. The talks were dominated by the civil war in Syria.

For a week in August, the researchers said, they had been able to monitor one of the 23 computer servers used by the hackers, which they have dubbed the Ke3chang group after the name of one of the files used in its malicious code.

During the week the malware had been observed in action, no documents had been stolen, they said.

"At that stage it appeared to be about network reconnaissance," senior FireEye researcher Narottama Villeneuve told the BBC.

Carla Bruni

The Ke3chang group has been active since at least 2010, according to the researchers.

Traditionally it has targeted the aerospace, energy and manufacturing industries but it has also delivered malware to hi-tech companies and governments, according to FireEye.

In 2012 it used a London Olympics themed attack and a year earlier used emails purporting to show nude pictures of the then French president's wife, Carla Bruni, researchers said.

But in their latest attack "they appeared to be specifically targeting foreign ministries", Mr Villeneuve told the BBC.

"The hackers were based in China but it is difficult to determine from a technology point of view how or if it is connected to a nation state," he added.

Mr Villeneuve explained how he had gained entry to the hackers' server.

"When they shift infrastructure, the servers are open. I just happened to check the servers when they weren't secured," he said.

However the glimpse into the inner workings of the hackers' command and control centre was short-lived, lasting for just over a week.

Tensions between China and the West over cyber-espionage have been increasing in recent years.

In June the US Defence Secretary Chuck Hagel accused Chinese hackers of accessing secret US weapons programmes.
