Chinese hackers used malicious software to monitor journalists and activist groups involved in the Hong Kong protests this year, according to new research from the cybersecurity company FireEye. Attackers used Dropbox and other cloud storage providers to communicate malware after targeting users with a phishing message.
In August 2015, the hackers launched a spearphishing campaign against Hong Kong-based media organizations and protest leaders. Spearphishing involves targeting a specific person with an email that appears to be from a known source. There is evidence of Beijing’s concern with Hong Kong, where 79 days of pro-democracy demonstrations brought the semi-autonomous city to a halt in 2014. FireEye stopped short of directly linking the Chinese government to the hack but said the attack had the sophistication level of a nation state.
“The media organizations targeted with the threat group’s well-crafted Chinese-language lure documents are precisely those whose networks Beijing would seek to monitor,” FireEye said in a blog post published Tuesday. “Cyberthreat groups’ access to the media organization’s networks could potentially provide the government advance warning on upcoming protests, information on pro-democracy group leaders, and insights needed to disrupt activity on the Internet, such as what occurred in mid-2014 when several websites were brought down in denial-of-service attacks.”