CHINESE hackers have targeted at least 27 universities in the US, Canada and Southeast Asia to steal maritime military technology and secrets, officials and cybersecurity experts have warned.
Beijing has denied engaging in such cyber attacks – but a substantial list of university targets shows nearly all with links to Woods Hole Oceanographic Institute, a private research facility dedicated to the study of marine science and engineering.
According to Fox News, iDefense, a cybersecurity intelligence unit of Accenture Security – a firm which detects and defends against such attacks – uncovered a substantial list of the universities being targeted.
The list highlights a wide-ranging and elaborate hacking scheme that dates back to at least April 2017 to steal military secrets, The Wall Street Journal (WSJ) said.
The unit’s research is to be reported this week and, according to the WSJ, “is the latest indication that Chinese cyber attacks to steal US military and economic secrets are on the rise”.
The publication has reviewed the findings, which outline a “substantial list of university targets for the first time”.
The WSJ said that most of the universities being targeted were either house research hubs focused on undersea technology, or with faculty on staff who offer extensive experience in a “relevant field.”
Why were they targeted?
The Navy has awarded contracts to some of the institutions, while others, such as Sahmyook University in South Korea, could have been targeted because of their proximity to China, and relevance to the South China Sea, the WSJ quotes analysts as saying.
iDefense said that nearly all have links to Woods Hole Oceanographic Institution, a non-profit Massachusetts-based centre, that was also likely to have been compromised by hackers in the cyber campaign.
The institution is the largest independent oceanographic research institution in America, boasting notable achievements such as locating the Titanic in 1985, more than 70 years after it sunk, the WSJ reported.
US Navy “bolstering cybersecurity”
A Navy spokesperson declined to comment on the hacking at the universities, but said the force recognised the serious nature of cyber threats.
Navy Cmdr. J. Dorsey told Fox News: “The Navy recognises the serious nature of evolving cyber threats and continuously bolsters the department’s cybersecurity culture and awareness, along with our cyber defences and information technology capabilities.”
iDefense said it identified the targeted universities by observing that their networks were pinging servers located in China.
These were allegedly controlled by a Chinese hacking group known to researchers interchangeably as TEMP.Periscope, Leviathan or Mudcarp.
The WSJ reports that researchers based at US cyber firm FireEye, who studied the same hacking group, confirmed that the iDefense findings were “generally consistent with their own intelligence”.
Ben Read, FireEye’s senior manager for cyber espionage analysis, said of the hackers: “They are a full-fledged operation – and they are not going anywhere.”
At least 27 universities singled out
The iDefense report did not name several of the “at least 27” targeted universities.
But, people familiar with the hacking told the WSJ that Penn State – among the top earners of Defense Department research dollars – was among the targets.
A Penn State spokesperson declined to say whether the university had been comprised, saying that the school immediately notifies the government and relevant partners whenever there is a breach.
The spokesperson told Fox News: “We are of course very aware of the persistent threat from both state and non-state actors in the cyber domain, which also has been well-documented by the press and the US Government.
“This threat targets not only cleared defence contractors but also industry, academia and other entities that work with valuable and sensitive information on their computer networks.”
Other universities believed to have been targeted include the University of Hawaii, the University of Washington, Massachusetts Institute of Technology and Duke University.
According to iDefense, the cyberattacks were conducted via phishing emails that posed as a legitimate message from other universities seeking research.
But these were loaded with malicious software.
Most read in World News
Howard Marshall, who leads iDefense threat intelligence operations, told the WSJ: “Universities are pretty willing to share information in pursuit of academic information.
“But as a lot of our adversaries have discovered, that is a sweet spot for them to operate.”
The WSJ said that iDefense found non-public files belonging to the University of Hawaii’s Applied Research Laboratory were “laced with malware and sent to other targets, suggesting a successful intrusion at Hawaii.”
The institution declined to comment.
A version of this article first appeared on Fox News.