MARCH 05, 2019
Chinese hackers have attacked at least two dozen U.S. and global universities in an effort to steal military maritime technology secrets.
Major universities in Hawaii, Washington, and Massachusetts are just a few of the targets identified in a hacking campaign that dates back to April 2017, according to iDefense research obtained by The Wall Street Journal on Tuesday.
iDefense, the cybersecurity research group of Accenture Security, is slated to publish a research report this week that details the growing Chinese cyberattacks on sensitive military and economic intelligence.
Some of the targeted universities had contracts with the U.S. Navy. Other targets like South Korea’s Sahmyook University were hit for their presumed intelligence relating to the South China Sea.
The report names the University of Hawaii, the University of Washington and Massachusetts Institute of Technology among the targeted universities, but does not include names of other prominent U.S. schools. Sources claiming to be related to the research told the WSJ that Penn State and Duke University were other targets.
The university networks were breached with phishing emails that hackers designed to look like real messages from other universities but that were secretly packed with spyware.
“Universities are pretty willing to share information in pursuit of academic information,” said Howard Marshall, who leads iDefense threat intelligence operations. “But as a lot of our adversaries have discovered, that is a sweet spot for them to operate.”
Marshall said China’s hacking efforts are intended to acquire research that would both rival the weapons capabilities of the U.S. and reveal the Pentagon’s strategic plans.
“To have knowledge of where our military capabilities are going is of extreme importance to them,” he said.
The plot has fooled many universities, but uncovering which ones were targeted has not been an easy task.
iDefense discovered the breached universities when it identified the university networks communicating with Chinese servers associated with prominent Chinese hackers.
Researchers have previously given the Chinese hackers several names, including Temp.Periscope, Leviathan and Mudcarp. They are the same hackers responsible for stealing U.S. Navy submarine plans, along with some of the highest-level Navy technology and classified secrets.
iDefense’s findings were similar to earlier research conducted by cybersecurity group FireEye.
“They are a full-fledged operation,” said Ben Read, senior manager for cyber espionage analysis at FireEye. “And they are not going anywhere.”
Upon discovery of a cyberattack, universities routinely notify partners and government agencies about the attack, but it’s not clear what response takes place afterward.