Turning their efforts away from breaching the networks of U.S. think tanks that monitor Asian politics, one of China's top hacker groups is now focused on U.S. involvement in the Middle East, according to security firm CrowdStrike.
Because U.S. think tanks are generally structured as non-profit groups, CrowdStrike reportedly offers its Falcon Host security software to these organizations for free. CrowdStrike had monitored a group of hackers it calls "DEEP PANDA" for roughly three years before the security firm noticed the group's focus shift from Southeast Asia to the Middle East.
Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, stated in a recent blog post that the change in DEEP PANDA's focus from geopolitical policy in Asia to Iraq is likely linked to the rise of the Islamic State, formerly known as the Islamic State of Iraq and the Levant. Alperovitch stated he believes the Chinese government wants to keep a closer watch on its Middle Eastern interests.
"In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq's oil sector," stated Alperovitch in the blog post. "Thus, it wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq. In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
In a news briefing, Hong Lei, a spokesman for China's Foreign Ministry, downplayed CrowdStrike's report on DEEP PANDA.
"Some U.S. Internet security firms ignore the U.S. threat to the Internet and constantly seize upon the so-called China Internet threat," said Lei. "The evidence they produce is fundamentally untrustworthy and unworthy of comment."
Alperovitch said the most commonly targeted individuals at think tanks were former government officials who have retained a large number of contacts in Western governments. Hacker groups such as DEEP PANDA seek to intercept correspondence between individuals at think tanks and government officials.
Since CrowdStrike began monitoring DEEP PANDA, the security firm said, the group has used data it collected from think tanks to compromise the security of associated businesses and government, financial and legal organizations.
"DEEP PANDA presents a very serious threat not just to think tanks, but also multinational financial institutions, law firms, defense contractors, and government agencies," stated Alperovitch. "Due to their stellar operational security and reliance on anti-forensic and anti-IOC detection techniques, detecting and stopping them is very challenging without the use of next-generation endpoint technology like Falcon Host."