Well-connected security biz FireEye is claiming Chinese hackers are trying to break into South Korea's military to halt the deployment of an anti-ballistic weapons system in the country.
In an interview with the Wall Street Journal, FireEye's director of cyber-espionage analysis John Hultquist said his organization – which is bankrolled by the CIA – has detected attacks targeting the deployment of the Terminal High Altitude Area Defense (THAAD) missile system, which is designed to shoot down incoming ICBMs – something it's very bad at. THAAD is, basically, the anti-ballistic-missile part of the Star Wars defense system.
Hultquist claimed that two Chinese cracking teams were spotted carrying out the digital attack – which kicked off after South Korea agreed to host missile systems and radars that form the THAAD. China has opposed the deployment since it was announced, and now FireEye is claiming that the Middle Kingdom has gone on the cyber-offensive.
FireEye has dubbed one group the Tonto team, and says the group is based in the north of China and has links to North Korean assaults. The other, dubbed APT10, is thought to be linked to Chinese military intelligence and has been active for a number of years.
According to Hultquist, key targets were sent spear phishing emails with weaponized attachments, and at least one person slipped up. But a corresponding failure in operational security allowed FireEye to track the assaulters' movements, he claimed.
If true, this is a worrying uptick in online warfare. But until FireEye offers specific details, file this one in the "possible" category. ®