The American cybersecurity firm FireEye claims it has evidence that state-sponsored Chinese hackers “targeted at least one party” associated with the THAAD anti-missile system.
THAAD is currently being deployed in South Korea to defend against North Korean missile threats. The Chinese are strongly opposed to this because they believe THAAD’s radar could be used to monitor activity within China.
China has allegedly conducted boycotts of South Korean business interests in reprisal for THAAD deployment and has implied it will test its own new weapons systems if the U.S. continues installing missile shields in Asia.
FireEye cyber espionage analysis director John Hultquist told CNN the Chinese hackers seemed to have been gathering information about THAAD rather than attempting to control or disrupt the system.
“If it were done in retaliation we’d expect some sort of follow on disruption or destruction of it, which we didn’t see. Typically, when we see cyber espionage actors, they prefer to stay quiet and remain on target where they can gather as much intelligence as possible,” he noted.
Hultquist expressed confidence in the identity of the hackers, discarding the notion that the culprits might have been North Koreans or some other third party merely pretending to be Chinese.
In a more specific account given to the Wall Street Journal, FireEye said two cyber espionage units “linked to Beijing’s military and intelligence agencies” conducted a “variety of attacks” against government and military systems in South Korea, along with defense contractors.
FireEye told the Wall Street Journal it had identified the specific hacker units involved. It also noted that Chinese cyber espionage units have a long history of hacking South Korean government and business entities, with some degree of success.
The state-sponsored Chinese hackers were reportedly assisted by “patriotic hacking” groups sympathetic to the Chinese government but not directly controlled by it, including one group that specializes in targeting South Korean conglomerate Lotte. Lotte provided the land needed for setting up the THAAD system.
The South Korean Ministry of Foreign Affairs said it repelled a significant cyber attack from China in March. There has been no official statement on whether this attack targeted THAAD or entities associated with it.