
European Cyber Agencies Warn of Chinese Espionage Threat

ENISA and CERT-EU Say 6 State Hacking Groups Are Actively Probing European Networks

European cyber agencies are warning of cyberespionage threats tied to Chinese state hacking groups actively probing networks in the region.


The European Union Agency for Cybersecurity and CERT-EU single out six Chinese advanced persistent threat groups that they say are leveraging a range of techniques to target European networks and organizations that are of strategic importance. The groups are APT 27, APT 30, APT 31, Ke3chang, Gallium and Mustang Panda.

The report comes about 18 months after the European Union denounced a flurry of Chinese hacking and called on the country to tamp down malicious cyber activities. Attitudes on China in many European countries have hardened over Beijing's support of Russia and concerns about China's treatment of Uyghur Muslims and people of other Muslim ethnicities. China's top diplomat, Wang Yi, is currently on a multiday trip through Europe.

Among the campaigns observed by the agencies is a July 2022 attack against Belgium's ministries of interior and defense attributed to APT 27. Belgium attributed the attacks to APT 27, APT 30 and APT 31 as well as to UNC 2814, Gallium and Softcell.

Other such attacks include the March 2022 hack of European diplomats that cybersecurity firm Proofpoint attributed to TA416 - a Chinese APT group known for targeting victims in the civil society sector.

Chinese state threat actors commonly engage in extensive reconnaissance activities before targeting a victim. The report says APT 31 uses a botnet consisting of compromised small office routing devices to contact the victims anonymously as part of its reconnaissance activity.

Once the hackers have identified their victims, the groups send well-crafted phishing lures, the report says. Then they exploit vulnerabilities to gain initial access to the victims' networks. The hacking groups commonly exploit the Log4Shell vulnerability that affects Apache servers. The U.S. government has also pinpointed Log4Shell as a favored vulnerability of Chinese hackers (see: Log4Shell Among Chinese Hackers' Fave Vulns, Say Feds).


About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



