European Union member states are considering a possible joint response to cyber attacks allegedly conducted by a Chinese state-linked hacker group after the U.K. presented evidence last month about network infiltration, according to people familiar with the matter.
U.K. experts briefed EU colleagues at a technical meeting on Jan. 28, providing evidence of both software and hardware attacks by the group known as Advanced Persistent Threat 10, or APT 10, said some of the people, who asked not to be identified as the talks were private. They wouldn’t give details about the alleged hardware attack, saying the information was classified.
Officials who were at the meeting discussed potential responses, such as sanctions or a joint warning, according to two of the people. The issue will probably be discussed at a scheduled EU-China Summit in April, one of the officials said.
The focus on APT 10 is part of a broader clampdown by Europe and the U.S. on alleged espionage and intellectual property theft by China. The hacker group was at the center of indictments in December by the U.S. Justice Department, which accused Chinese officials of orchestrating a decade-long espionage campaign that involved infiltrating companies in the U.S. and more than a dozen other countries, drawing a strong denial from China.
The U.K.’s evidence on APT 10 is related to those indictments, one of the people said.
“Some countries’ accusations against China on the cyber-security issue are unfounded and groundless, driven by ulterior motives,” the Chinese Mission to the EU said in a statement when asked about the allegations. “We urge the relevant parties to stop defaming China, so as not to undermine their bilateral relations and cooperation with China.”
For any retribution against China tied to cyber attacks, the EU would need to agree unanimously that the country was responsible, and not all EU members currently agree, according to one of the people familiar with the matter. The EU is developing protocols to respond to malicious cyber activities, for instance by imposing sanctions, but it can be challenging to clearly attribute actions to any individual or nation-state.
The U.K. Foreign Office in December joined Washington in pressing the accusations against APT 10, saying that the group acted on behalf of the Chinese government “to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the U.S.”
NATO defense ministers will also address the threat of Chinese cyber-attacks when they meet in Brussels on Wednesday.
“We have seen the reports from allies about their concerns about Chinese activity related to infrastructure and cyber and these are reports we take seriously and we will continue to consult on these issues,” NATO Secretary General Jens Stoltenberg told reporters in Brussels on Tuesday. “One of the challenges of the cyber attacks, and we have seen more and more of them, is attribution.”
Spear Phishing
The U.S. Justice Department claimed that the group used a technique known as spear phishing, in which emails that pretend to be from legitimate addresses are sent with attached documents and files that secretly install malware if opened. That can give hackers access to a subject’s computer and allow them to steal user names and passwords, files and other information.
The U.S. indictments, which didn’t mention any hardware attacks by the group, also said the hackers targeted the networks of managed service providers, which remotely manage the IT infrastructure of businesses and governments, in order to gain unauthorized access to their clients’ networks.
Cybersecurity firm FireEye Inc., which has been tracking APT 10 since 2009, says the Chinese cyber espionage group has historically targeted construction and engineering, aerospace, and telecom firms, and governments in the U.S., Europe, and Japan, in a bid to support Chinese national security goals of acquiring military and intelligence information.