Chinese hackers accused of spear phishing universities in US

Hackers in China are being accused of attempting to infiltrate university IT systems to obtain classified navy information.

It is reported that the University of Hawaii, University of Washington, and Massachusetts Institute of Technology (MIT) in Boston are among the 27 educational bodies to have been hit by the gang, which used malicious emails as part of its targeting, security research firm iDefence says.

A study conducted by iDefence, first picked up by the Wall Street Journal, claims that the cyber espionage group put together a sophisticated operation against institutions across North America and South East Asia.

A full account of precisely which educational institutions were hit has not yet been made public, but iDefence says they are all linked by research into underwater warfare technology, specifically the launching of submarine missiles.

Many of the colleges also had affiliations with the Woods Hole Oceanographic Institution – the largest research hub of its kind in the States – which has strong associations with the US navy.

It looks as though spear phishing was the main tactic employed by the hackers, a practice which involves sending emails that are designed to look like emails from other universities. The spear phishing versions, however, contained malware which enabled the cyber-criminals to access private data stores and research files.

Speaking to the BBC news website, Ewan Lawson, senior research fellow at the Royal United Services Institute, said:

“If a university is operating with classified material it should operate to the same standards as the government.

“But the reality of a lot of this is that [the hackers] are not necessarily going after classified material. They may be trying to identify who the researchers are, who the key thinkers are.”

Engineers responsible for compiling the iDefence report claim that they have “moderate to high confidence” that the cyber-attacks were launched by Chinese hackers known as Mudcarp, Leviathan, APT40, or Temp.Periscope, and that the campaign is likely to have been state-sponsored.

The conclusion was reached after the malware was broken down and analysed by specialists in the US, revealing tactics and practices in common with previous Mudcarp work.

The report says:

“Any technology or program that involves the delivery or launching of a payload from a submerged submarine, or undersea autonomous vehicles, is of high interest to Mudcarp.”

While the group’s connections to the ruling Communist Party of China (CPC) have not yet been confirmed, no comments stating the contrary have been released by Beijing.
In 2015, China denied accusations of state-sponsored hacking campaigns, levelled by the US Office of Personnel Management.

