Hacker Group Likely Linked to Chinese Regime Spying on NGOs’ Online Activities: Report

December 30, 2019 Updated: December 30, 2019

A hacker group “likely” backed by the Chinese regime has focused on non-governmental organizations (NGOs) working on issues relevant to the country for up to five years, according to a recent report.

The cyberespionage group, known as “Bronze President,” used malware to steal data from target networks over a long period of time, suggesting it also sought to monitor the NGOs, U.S.-based cybersecurity firm Secureworks stated in a Dec. 29 report. The group is still active.

The group targeted “multiple” NGOs over a period of several months or even years, the report stated, adding that the organizations all “conduct research on issues relevant to” China.

One of the allegedly targeted organizations is a human rights group that has raised awareness about the regime’s repression of Muslim minorities in the northwestern region of Xinjiang, as well as about pro-democracy activists in Hong Kong, Sky News reported.

Bronze President also collected login credentials for the NGOs’ social media and email accounts, Secureworks stated.

The report concluded that the group is “highly likely” to be based in mainland China.

“It is likely that Bronze President is sponsored or at least tolerated by the PRC [People’s Republic of China] government. The threat group’s systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups,” it added.

In addition to NGOs, the report noted that the group also targeted political and law enforcement organizations in countries near China, such as Mongolia and India, revealing the group’s “likely intent to conduct political espionage in other countries.”

Among the targets were national security and humanitarian organizations in East, South, and Southeast Asia, it stated.

Mike McLellan, a threat intelligence expert at Secureworks, told Sky News that the NGOs may have been targeted because of their work on controversial issues relating to China, such as Hong Kong, which has been embroiled in months-long protests against the regime’s growing interference, as well as the treatment of China’s Muslim minorities.

“I think the Chinese government will try and gather information around those kinds of events,” McLellan told the outlet.

“It will want to understand how opponents are thinking, how regional partners might be thinking and one of the ways they will do that is go out and try to gather information through means such as cyber attacks. … I think there’s every chance those kind of real world events are all tied up with the same campaign that we’ve seen here.”

The report comes weeks after Dutch cybersecurity firm Fox-IT found that a hacking group linked to the Chinese regime has resumed global attacks, stealing data from companies and government agencies.

According to Fox-IT, the group, called APT20, after lying dormant, has for the past two years been targeting government entities and companies in 10 countries, including the United States. The businesses are in a wide variety of industries, including aviation, finance, health care, energy, insurance, gambling, and construction.

The hacker group, also known as Violin Panda, is “likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes,” the report stated.

Follow Cathy on Twitter: @CathyHe_ET