Hackers are alleged to be working from a top Chinese university in order to gather information about American companies and government departments following a trade visit by a US delegation to China earlier this year.
According to a blog post by security researchers at Recorded Future, network reconnaissance activities were conducted from China's Tsinghua University targeting government departments in Alaska, a UN office in Nairobi and the Kenya Ports Authority. The activity is also said to have targeted German automotive multinational Daimler AG.
Researchers said they had "medium confidence" that the network reconnaissance activities uncovered were conducted by Chinese state-sponsored actors in support of China’s economic development goals.
"The network reconnaissance activity against Alaskan organisations increased following the governor of Alaska’s trade delegation trip to China in late May. Organisations targeted by the reconnaissance activity were in industries at the heart of the trade discussions, such as oil and gas," said researchers.
Around one million connections were made between hackers in China and networks in Alaska between 6 April and 24 June. These attacks followed Alaska’s large trade mission to China, dubbed "Opportunity Alaska." This trade mission occurred in late May and was led by Bill Walker, governor of Alaska. One of the highest-profile discussions occurred around the prospect of a gas pipeline between Alaska and China.
"The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations," said researchers.
Another series of attacks happened between 20 and 24 June, targeting the Alaska Department of Natural Resources and the state government's networks. This was possibly in response to governor Walker announcing on 19 June that he intended to visit Washington, DC to meet US and Chinese officials to raise his concerns on the growing trade dispute between the two nations.
Researchers also observed the Tsinghua IP scanning ports and probing the networks of government departments and commercial entities in Mongolia, Kenya, and Brazil. Each of these countries is a key investment destination as part of China’s Belt and Road Initiative.
"We assess with medium confidence that the consistent reconnaissance activity observed from the Tsinghua IP probing networks in Kenya, Brazil, and Mongolia aligns closely with the BRI economic development goals, demonstrating that the threat actor using this IP is engaged in cyber-espionage on behalf of the Chinese state," said researchers.
The IT security company also spotted probes from the same university IP address targeting Daimler AG a day after it cut its profit outlook due to the escalating trade tensions between the US and China.
There were also scans for vulnerabilities at Safety NetAccess, which builds wireless networks for hotels, resorts, and other public properties; its customers include the Hilton, Marriott, Sonesta, and Wyndham hotel chains.
Ross Rustici, senior director, intelligence services at Cybereason, told SC Media UK that these latest developments, with China hacking into domestic agencies and corporations, shouldn't come as a surprise.
"Not only will the probing likely increase but the Chinese government will continue to use private companies such as BoyuSec out of Guangdong to do their dirty work. This allows the Ministry of State Security (MSS), to gain significant technical expertise while maintaining plausible deniability," he said.