Chinese hackers targeted foreign government personnel who visited a US aircraft carrier the day before a contentious international court ruling on the South China Sea, according to a US cyber security company.
The China-based group created an infected document impersonating an official message addressed to officials visiting the USS Ronald Reagan, a nuclear-powered aircraft carrier which conducted patrols of the South China Sea in July.
The suspect document is dated July 11, the day before a tribunal in The Hague ruled against China’s expansive claims in the region. The targets of the attack were delegates from a foreign government due to visit the aircraft carrier that day.
The document contained Enfal malware, which can be used to copy information from an infected computer or download further computer viruses.
According to FireEye, a US cyber security business, the China-based group that designed the suspicious document is the source of previous attempts to compromise US and Vietnamese national defence computer networks.
The likely goal of the “spear-phishing” attack — an attack in the form of an email that appears to be from someone known to the recipient — was to gather information on military manoeuvres and command and control systems, as well as policy issues, the company said.
There is no direct evidence to link the attempt with the Chinese government, and no indication the attack was successful.
According to FireEye’s iSight unit, which identified the attack, the command and control system used for the infected file shared an IP address with a domain previously used by the China-based group.
This system was first identified in June, while the suspect document surfaced in September, FireEye says.
FireEye says the file — which contains details of an itinerary for a visit to the aircraft carrier on July 11 this year — is likely to have been distributed through targeted email messages.
Tensions over the South China Sea have fuelled high levels of cyber espionage in the region, according to a FireEye expert.
“Many governments and militaries in Southeast Asia lack cyber security controls that can effectively match these elevated threats,” said Bryce Boland, the group’s Asia-Pacific chief technology officer.
“For example, personal webmail and unmanaged devices aren’t unusual, and many organisations lack the technology to detect unique attacks which haven’t been seen before.”
The USS Ronald Reagan and its escort ships conducted 53 days of operations in the western Pacific, including the South China Sea, this year.
The South China Sea patrols were intended “to maintain the seas open for all to use”, according to a US Navy statement at the time.
Commander Clay Doss, a spokesman for the US Pacific Fleet, said: “As a matter of policy and for reasons of operations security, we won’t comment on alleged vulnerabilities in networks or our efforts to mitigate them. We have full confidence in the integrity of the Navy’s networks on which we conduct critical operations.”
A US Navy official said that there was no indication the USS Ronald Reagan’s classified information systems had been compromised, nor that the ship’s operations in the South China Sea had been affected. The official said unclassified information about logistics was often shared with contractors and foreign governments to support port visits for ships.
In July a Chinese businessman was sentenced to nearly four years in jail for his part in an alleged conspiracy to steal military technical data from the computer networks of US defence contractors.
US prosecutors claim this conspiracy involved Chinese military officers.