SAN FRANCISCO (Reuters) - A sophisticated group of hackers believed to be associated with the Chinese government, who for years targeted U.S experts on Asian geopolitical matters, suddenly began breaching computers belonging to experts on Iraq as the rebellion there escalated, a security firm said on Monday.
CrowdStrike Inc said that the group is one of the most sophisticated of the 30 it tracks in China and that its operations are better hidden than many attributed to military and other government units.
CrowdStrike co-founder Dmitri Alperovitch said he has “great confidence” the hackers are affiliated with the government, though he declined to provide many details on the matter.
China’s Foreign Ministry repeated that the government opposed hacking and dismissed the report.
“Some U.S. Internet security firms ignore the U.S. threat to the Internet and constantly seize upon the so-called China Internet threat. The evidence they produce is fundamentally untrustworthy and unworthy of comment,” spokesman Hong Lei told a daily news briefing in Beijing.
CrowdStrike has a number of former U.S. government officials on its staff and has produced a number of influential reports on overseas hacking groups.
The United States will press China to resume cooperation on fighting cyber espionage to ensure an orderly cyber environment, a senior U.S. official said on Tuesday ahead of annual talks between the world’s two largest economies this week in Beijing.
Over the past three years, CrowdStrike said it has seen the group it calls “Deep Panda” target defence, financial and other industries in the United States. It has also gone after workers at think tanks who specialise in Southeast Asian affairs, including former government experts.
On June 18, the same day the rebel group Islamic State of Iraq and the Levant, which is also called ISIS, attacked an oil refinery, the Chinese group began going after the digital documents of U.S. think tank employees who are experts in that region, Alperovitch said.
He said that Iraq is the fifth-largest source of crude for China, while China is the largest foreign investor in Iraq’s oil infrastructure, so it would be natural for China to be concerned about the insurrection and potential U.S. responses.
Alperovitch said that while hacking groups suspected of government backing do shift the industries they are going after, he could not recall such a sudden change in “tasking” before this.
“It really suggests you have pretty good control from probably very high levels of Chinese government over these individuals,” he said.
Alperovitch declined to identify the think tanks, which are using CrowdStrike’s detection and analysis tools free of charge.
Additional reporting by Michael Martina and Lesley Wroughton in BEIJING; Editing by Bernard Orr and Matt Driskill