According to researchers at FireEye, Chinese hackers targeted the South Korean Terminal High Altitude Area Defense (THAAD) missile system.
According to a new investigation conducted by security firm FireEye, Chinese hackers are trying to hack systems used by South Korea's military to interfere with the deployment of an anti-ballistic weapons system.
The news was confirmed by FireEye's director of cyber-espionage analysis, John Hultquist, in an interview with the Wall Street Journal.
FireEye has observed cyber attacks aimed at hacking the Terminal High Altitude Area Defense (THAAD) missile system. The THAAD system was designed by South Korea to protect the country from incoming intercontinental ballistic missiles (ICBMs); it is part of the Star Wars defense system.
South Korea is deploying Lockheed Martin’s THAAD missile defense system (Image source Ars Technica)
China has opposed the deployment of THAAD ever since South Korea announced it as a key component of its defense infrastructure.
“China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.” reported the WSJ.
According to FireEye, at least two different Chinese hacking crews were involved in cyber attacks against South Korean military systems that were linked in some way to the design and deployment of THAAD.
The two teams involved in the attacks are the Tonto Team and the notorious APT10.
“One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst.” continues the WSJ. “FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.”
The hackers launched spear phishing attacks using messages with weaponized attachments. According to FireEye, at least one person fell victim to the attacks; nevertheless, FireEye was able to profile the threat actors and track the APTs' movements.
“Mr. Hultquist added that an error in one of the group’s operational security provided FireEye’s analysts with new information about the group’s origins.”
China’s Ministry of Defense recently declared that the People’s Liberation Army “has never supported any hacking activity.”
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine, and many other security magazines.
Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.