Chinese Hackers Target UK Think Tanks

China-based hacking groups are repeatedly targeting British think tanks specialising in international security and defence issues.

This is the warning from US security specialist Crowdstrike, which said that the attacks by the Chinese groups have been targeting the groups since April 2017, but not all the hacking attacks were successful.

For years now experts have warned that Chinese hackers have targeted Western organisations, mostly located (but not exclusively) in the defence industry.

Chinese Hacks

Crowdstrike told the BBC that it had seen repeated targeting of think tanks specialising in international security and defence issues.

The BBC said that not all of the UK think tanks targeted were breached.

Crowdstrike said that it had been called in by some think tanks to respond to hack attacks, but a number of think tanks contacted by the BBC declined to comment on the matter.

The security firm reportedly attributes the attacks to a group it calls “Panda”. Crowdstrike reportedly said Panda is based in China and is linked to the Chinese state.

Crowdstrike also said Chinese cyber activity increased in 2017 across the world.

Crowdstrike said that from the summer of 2017, law firms, universities and technology companies were targeted around the world, whilst in the UK think tanks were targeted.

Aggressively Targeted

Dmitri Alperovitch, Crowdstrike’s co-founder and CTO, told the BBC that a number of think tanks that work on Chinese policy were targeted “very aggressively”.

He said those behind the attacks were trying to steal reports – but also any information about connections to government.

“They do believe the think tanks are very influential both in the US and UK,” he reportedly said. “They believe that they may have access to information which is not public.

“In some cases [that] can be true, because you do have a lot of informal channels that these think tank people will have with government officials.”

Alperovitch said Crowdstrike would be brought in after an attack to help investigate, “clean up” and protect the organisations going forward.

Crowdstrike said that even after the Chinese hackers were kicked out, they would try to get back in.

Crowdstrike has been previously been brought in to investigate politically motivated hacking incidents during the US presidential election, including the release of emails stolen from the Democratic National Committee (DNC).

The United States government has officially blamed Russia for that attack.

It said that the ‘Fancy Bear’ hacking group, allegedly linked to the Russian military, had hacked the DNC.

This same group allegedly last month attacked the US Senate and organisations linked to the Olympic Games.

Do you know all about security? Try our quiz!