Chinese hackers breached email servers of foreign ministers as part of a years-long effort targeting the communications of diplomats around the world, according to researchers at the cybersecurity firm Palo Alto Networks Inc.
Attackers accessed Microsoft Exchange email servers, gaining the ability to search for information at some foreign ministries, said the team at Unit 42, the threat intelligence division of Palo Alto Networks, which has been tracking the group for nearly three years.
Hackers specifically searched in the email servers for key terms related to a China-Arab summit in Riyadh, Saudi Arabia, in 2022, said Lior Rochberger, senior researcher at the company. They also searched for names including Chinese President Xi Jinping and his wife, Peng Liyuan, in the context of that summit, the researchers said.
The researchers declined to specifically identify which countries had their systems breached in the hacking campaign, but wrote in the report that the group’s targeting patterns “align consistently with the People’s Republic of China (PRC) economic and geopolitical interests.”
Palo Alto Networks said the cyber-espionage unit’s operations frequently coincide with major world events, but stopped short of saying definitively that the hackers are sponsored by the Chinese government.
“When I found them searching for specific diplomatic keywords and then exfiltrating emails from embassies and military operations, I realized this was a serious intelligence collection effort,” Rochberger said.
The company refers to the hacking group as Phantom Taurus.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, said that hacking is a problem for all countries, including China, and that the country opposes all forms of cyberattacks.
“Cyberspace is highly virtual, difficult to trace, and involves a diverse range of actors,” he said. “Tracing the source of cyberattacks is a complex technical issue, that requires solid and full evidence.”
The report is the latest by cyber researchers who have warned that Chinese hackers are aggressively targeting industries across the world. Alphabet Inc.’s Google said on September 24 that a Chinese group compromised US technology companies. Earlier in September, suspected attackers impersonated the Republican chair of the House Select Committee on China in a series of attempts to steal sensitive data on trade negotiations, according to the committee.
Many of Phantom Taurus’ breaches had a “tight correlation to specific geopolitical events or military maneuvers,” Assaf Dahan, director of threat intelligence at Palo Alto Networks, said in an interview. Other espionage activities sought information related to countries including Afghanistan and Pakistan, according to the report.
Photo: Microsoft signage is displayed outside a Microsoft Technology Center in New York. Photographer: Jeenah Moon/Bloomberg




























