Analysis of a single C&C server revealed many cyber operations of the government of the PRC
The server used to attack the EU communications network was used by several government agencies.
Analysis of the C&C server used to attack the diplomatic organization allowed information security experts to uncover many of the operations conducted by various Chinese cyber groups. The groups used the same tools but acted in the interests of different Chinese government agencies.
On Tuesday, May 14, BlackBerry Cylance Threat Intelligence experts published a report on recent attacks by Chinese cybercriminals, based on an earlier study by the American company Area 1 Security.
Last December, experts from Area 1 Security reported on a continuing malicious operation conducted by Chinese "government" hackers. According to them, the attackers gained access to the European Union's diplomatic correspondence network. The systems of the Ministry of Foreign Affairs of Cyprus and the entire COREU network, which is used for diplomatic correspondence between EU countries, were compromised. About 100 organizations, including trade unions and scientific organizations, became victims of the attack. Responsibility for the hack presumably lies with the Strategic Support Forces of the People’s Liberation Army of the PRC.
BlackBerry Cylance Threat Intelligence specialists found an interesting detail in the study by their colleagues at Area 1 Security: all of the attacks were carried out from a single C&C server. Further analysis showed that, in addition to the Strategic Support Forces, the server was also used by a number of “variegated” Chinese cyber groups. All of them used the same malware and exploit design patterns but acted in the interests of various departments.
The researchers managed to find a connection between the Strategic Support Forces and cybercriminals who conduct espionage in the interests of the National Security Commission, the People’s Militia and the Ministry of Public Security. While the Strategic Support Forces are interested in military objectives, the agencies listed above monitor activists, representatives of various ethnic groups in China (in particular, Uighurs and Tibetans) and supporters of Taiwan independence.