A sophisticated group of hackers believed to be associated with the Chinese government, who for years targeted US experts on Asian geopolitical matters, suddenly began breaching computers of experts on Iraq as the rebellion there escalated, a security firm said on Monday.
CrowdStrike said that the group is one of the most sophisticated of the 30 it tracks in China and that its operations are better hidden than many attributed to military and other government units.
CrowdStrike co-founder Dmitri Alperovitch said he has "great confidence" the hackers are affiliated with the government, though he declined to provide many details on the matter. A spokesman for the Chinese embassy in Washington could not be reached for comment.
Over the past three years, CrowdStrike said it has seen the group it calls "Deep Panda" target defence, financial and other industries in the United States. It has also gone after workers at think tanks who specialise in Southeast Asian affairs, including former government experts.
On June 18, the same day that rebel group the Islamic State of Iraq and the Levant, or ISIS, attacked an oil refinery, the group suddenly began going after the digital documents of US think tank employees who were experts in that region, Alperovitch said.
He said that Iraq is the fifth-largest source of crude for China, while China is the largest foreign investor in Iraq's oil infrastructure, so that it would be natural for China to be concerned about the insurrection and potential US responses.
Alperovitch said that while hacking groups suspected of government backing do shift the industries they are going after, he could not recall such a sudden change in "tasking" before this.
"It really suggests you have pretty good control from probably very high levels of Chinese government over these individuals," he said. Alperovitch declined to identify the think tanks, which are using CrowdStrike's detection and analysis tools free of charge.
CrowdStrike has a number of former US government officials on its staff and has produced a number of influential reports on overseas hacking groups.