Verdächtige chinesische Hacker dringen in E-Mail-Server von Außenministerien ein

Cyberangriff auf diplomatische Kommunikationskanäle – Sicherheitslücken in Regierungsnetzwerken ausgenutzt

Angriffsvektoren

Phishing-Kampagnen zielten spezifisch auf diplomatisches Personal ab, während Zero-Day-Exploits bestehende Sicherheitsprotokolle umgingen. Die Angreifer nutzten fortschrittliche persistente Bedrohungen (APTs), um sich monatelang unentdeckt in den Systemen zu bewegen.

Betroffene Infrastruktur

Mehrere nationale Außenministerien bestätigten Kompromittierungen ihrer Exchange-Server, wobei sensible diplomatische Korrespondenz abgeflossen sein soll. Die Angriffe zeigen erneut, wie traditionelle Finanzkontrollen gegen digitale Spionage chancenlos bleiben – während Bitcoin-Transaktionen wenigstens pseudonym bleiben, stehen Regierungskommunikationen praktisch im Schaufenster.

Researchers track hackers to Phantom Taurus campaign

“When I found them searching for specific diplomatic keywords and then exfiltrating emails from embassies and military operations, I realized this was a serious intelligence collection effort,” Rochberger said. Palo Alto Networks calls the hacking group Phantom Taurus.

The company said the breaches went beyond simple spying, showing a focus on strategic events and military movements.

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, responded that hacking is a problem for all countries, including China, and that the government opposes all forms of cyberattacks.

“Cyberspace is highly virtual, difficult to trace, and involves a diverse range of actors,” he said. “Tracing the source of cyber attacks is a complex technical issue, that requires solid and full evidence.”

The Palo Alto Networks report also highlighted how suspected Chinese hackers are now targeting industries worldwide. On September 24, Alphabet Inc.’s Google stated that a Chinese group had compromised US technology companies.

Earlier in September, suspected attackers impersonated the Republican chair of the House Select Committee on China in attempts to steal sensitive data on trade negotiations, according to the committee.

Assaf Dahan, director of threat intelligence at Palo Alto Networks, said many of Phantom Taurus’ breaches had a “tight correlation to specific geopolitical events or military maneuvers.” The report also said that other espionage activities sought information related to countries, including Afghanistan and Pakistan.

Join a premium crypto trading community free for 30 days - normally $100/mo.