Chinese cyberattacks reportedly targeted the military maritime sector

According to the Wall Street Journal, cyberattacks attributed to Chinese actors have targeted at least 27 universities in Canada, Southeast Asia, and the United States since at least April 2017, including institutions such as MIT, the University of Hawaii, and the University of Washington.

The objective? The attackers reportedly sought to obtain sensitive information related to military technologies in the maritime domain. The attack vector appears to have been relatively conventional: a spear-phishing campaign.

The information originates from the company iDefense and was reportedly confirmed by FireEye. A more detailed report on the matter was expected to be published the following week.

According to the Wall Street Journal, most of the targeted universities were involved in research projects related to underwater technologies or had teams with significant expertise in that field. Many of these institutions reportedly had connections with the Woods Hole Oceanographic Institution, a nonprofit research and education organization based in Massachusetts that was also compromised. As a reminder, this U.S. institution is one of the most prominent organizations in oceanographic research and notably participated in the discovery of the Titanic wreck in 1985.

The intrusions were reportedly detected when university networks began sending regular ping requests to servers located in China, servers that had previously been associated with cyber operations conducted by a Chinese threat group known under several names, including APT40, TEMP.Periscope, Leviathan, and Mudcarp.