Chinese hackers target over 27 universities in the US and around the world to gain access to military research data, according to a report by cybersecurity firm iDefense, which was obtained by The Wall Street Journal.
The hackers sent universities spear phishing emails doctored to appear as if they came from partner universities, but they unleashed a malicious payload when opened. Universities are traditionally seen as easier targets than US military contractors, and they can still contain useful military research.
Twenty-seven universities were found to have been targeted by the group, including the Massachusetts Institute of Technology, the University of Washington, and other colleges in Canada and Southeast Asia. iDefense didn’t name every school in the report due to ongoing investigations, but anonymous sources told the WSJ that Penn State and Duke University were two of the other targets.
The cyber attacks focused on universities that either studied underwater tech or had faculty with relevant backgrounds. Many had ties to the US’s largest oceanographic research institute, which itself has ties to the US Navy’s warfare center. iDefense said it was highly confident the institute had been breached.
The group has been given various nicknames by security researchers, like Temp.Periscope, Mudcarp, or Leviathan. Its connection to the Chinese government is unclear, but because the group appears to be targeting US military data, analysts believe the Chinese government is a likely sponsor.
The same was reportedly behind the hacking of a US Navy contractor last June.
The report of more Chinese cyberattacks comes at a diplomatically sensitive time when the US is weighing large security concerns against tech companies like Huawei and ZTE. Huawei and ZTE both deny the accusations.