Saturday, 18 August 2018

Rogue University

Tsinghua University linked to Chinese cyber espionage
Targeting of Daimler, state of Alaska and Tibetan groups traced to college computer 
By Yuan Yang in Beijing

Cyberwar: An IP address at China's Tsinghua University is the origin of numerous recent cyber-attacks on targets around the world.

China’s top engineering university, Tsinghua University, was the origin of multiple recent cyber-espionage campaigns targeting groups such as the Tibetan community in India and the Alaskan state government, new research has found.
Attacks originating from Tsinghua University's infrastructure also targeted the German carmaker Daimler a day after it issued a profit warning blaming the US-China trade war, according to cyber security company Recorded Future.
Chinese cyber espionage against the US is increasing, US security firms say, giving credence to Washington’s fears that Beijing is stealing technology from US companies — fears that have in part pushed both countries into a global trade war.
Although cyber security firms had previously seen a lull in attacks following a 2015 bilateral agreement to end government-sponsored hacking for commercial purposes, attacks are now back at or above the pre-accord level, experts say.
Recorded Future found that from March this year, a series of attacks emanated from an IP address — an identification number given to every computer connecting to the internet — that belongs to Tsinghua University.
Tsinghua is among the world’s best computer science universities, and owns companies and projects tied to Beijing’s industrial policies, which pursue technological upgrading.
Tsinghua was not immediately available for comment due to the university holiday season.
The IP address in question had engaged in “aggressive scanning” of networks including the government of the US state of Alaska and the Kenyan Ports Authority.
It also attempted to attack a server used by the Tibetan community in India, which had previously been the target of Chinese surveillance as a result of Beijing’s attempts to undermine supporters of the Dalai Lama, the Tibetan spiritual leader reviled by the Communist party leadership as “a wolf in monk’s clothing”.
Recorded Future said that the activity was “conducted by Chinese state-sponsored actors in support of China’s economic development goals”.
Scanning the ports on a network is usually the first step in an attempt to penetrate the network by seeing what openings there are.
However, Recorded Future did not find evidence the attacker had successfully obtained sensitive information.
“It makes sense that spy activities are more common now, given the tense economic situation,” said one Chinese security professional, who wished to remain anonymous.
However, he questioned why the attackers did not cover their tracks at all.
Public “Whois” records show the IP address in question was first registered in 1993 as part of a block of IP addresses belonging to the domain tsinghua.edu.cn, with a street address belonging to Tsinghua University.
