European Cyber Agencies Warn of Chinese Espionage ThreatENISA and CERT-EU Say 6 State Hacking Groups Are Actively Probing European Networks
European cyber agencies are warning of cyberespionage threats tied to Chinese state hacking groups actively probing networks in the region.
The European Union Agency for Cybersecurity and CERT-EU single out six Chinese advanced persistent threat groups that they say are leveraging a range of techniques to target European networks and organizations that are of strategic importance. The groups are APT 27, APT 30, APT 31, Ke3chang, Gallium and Mustang Panda.
The report comes about 18 months after the European Union denounced a flurry of Chinese hacking and called on the country to tamp down malicious cyber activities. Attitudes on China in many European counties have hardened over Beijing's support of Russia and concerns about China's treatment of Uyghur Muslims and people of other Muslim ethnicities. China's top diplomat, Wang Yi, is currently on a multiday trip through Europe.
Among the campaigns observed by the agencies is a July 2022 attack against Belgium's ministries of interior and defense attributed to APT 27. Belgium attributed the attacks to APT 27, APT 30 and APT 31 as well as to UNC 2814, Gallium and Softcell.
Other such attacks include the March 2022 hack of European diplomats that cybersecurity firm Proofpoint attributed to TA416 - a Chinese APT group known for targeting victims in the civil society sector.
Chinese state threat actors commonly engage in extensive reconnaissance activities before targeting a victim. The report says APT 31 uses a botnet consisting of compromised small office routing devices to contact the victims anonymously as part of its reconnaissance activity.
Once the hackers have identified their victims, the groups send well-crafted phishing lures, the report says. Then they exploit vulnerabilities to gain initial access on the victim's networks. The hacking groups commonly exploit the Log4Shell vulnerability that affects Apache servers. The U.S. government has also pinpointed Log4Shell as a favored vulnerability of Chinese hackers (see: Log4Shell Among Chinese Hackers' Fave Vulns, Say Feds).