Skip to content
More from
Bloomberg
Cybersecurity
relates to Singapore Plans Cautious Budget With an Eye on Election
relates to Huawei Fight Sees EU Hit by Crossfire in Tech War's Key Battle relates to The Swiss Go Against the Flow With Online Voting relates to U.S. Warns of Russian, Chinese Cyber Threats at NATO Meeting relates to Skeptical of Artificial Intelligence? You Can Blame the Media This Time relates to America Wants to Talk About Iran, But Europe Doesn’t relates to Russian Firm in Election Hacking Case Loses Bid to Check Mueller relates to Trump Cyber Official Warns Voting Machines Need Paper Trails relates to Crypto Carnage Holds Bitcoin Tracker's Plan for a Basket relates to Automation Actually Creates More Jobs, at Least in the Beginning relates to Singapore Plans Cautious Budget With an Eye on Election
relates to Huawei Fight Sees EU Hit by Crossfire in Tech War's Key Battle relates to The Swiss Go Against the Flow With Online Voting relates to U.S. Warns of Russian, Chinese Cyber Threats at NATO Meeting relates to Skeptical of Artificial Intelligence? You Can Blame the Media This Time relates to America Wants to Talk About Iran, But Europe Doesn’t relates to Russian Firm in Election Hacking Case Loses Bid to Check Mueller relates to Trump Cyber Official Warns Voting Machines Need Paper Trails relates to Crypto Carnage Holds Bitcoin Tracker's Plan for a Basket relates to Automation Actually Creates More Jobs, at Least in the Beginning relates to Singapore Plans Cautious Budget With an Eye on Election
relates to Huawei Fight Sees EU Hit by Crossfire in Tech War's Key Battle relates to The Swiss Go Against the Flow With Online Voting relates to U.S. Warns of Russian, Chinese Cyber Threats at NATO Meeting relates to Skeptical of Artificial Intelligence? You Can Blame the Media This Time relates to America Wants to Talk About Iran, But Europe Doesn’t relates to Russian Firm in Election Hacking Case Loses Bid to Check Mueller relates to Trump Cyber Official Warns Voting Machines Need Paper Trails relates to Crypto Carnage Holds Bitcoin Tracker's Plan for a Basket relates to Automation Actually Creates More Jobs, at Least in the Beginning
Photographer: Jock Fistick/Bloomberg
cybersecurity

EU Considers Response to China Hacking After U.K. Evidence, Sources Say

Updated on

EU Considers Response to China Hacking After U.K. Evidence, Sources Say

  • U.K. experts said to have briefed on software, hardware hacks
  • Europe, U.S. are clamping down on alleged China spying, theft
EU Parliament Building As EU Ministers Try To Meet Debt Deadline
Photographer: Jock Fistick/Bloomberg

European Union member states are considering a possible joint response to cyber attacks allegedly conducted by a Chinese state-linked hacker group after the U.K. presented evidence last month about network infiltration, according to people familiar with the matter.

U.K. experts briefed EU colleagues at a technical meeting on Jan. 28, providing evidence of both software and hardware attacks by the group known as Advanced Persistent Threat 10, or APT 10, said some of the people, who asked not to be identified as the talks were private. They wouldn’t give details about the alleged hardware attack, saying the information was classified.

Officials who were at the meeting discussed potential responses, such as sanctions or a joint warning, according to two of the people. The issue will probably be discussed at a scheduled EU-China Summit in April, one of the officials said.

The focus on APT 10 is part of a broader clampdown by Europe and the U.S. on alleged espionage and intellectual property theft by China. The hacker group was at the center of indictments in December by the U.S. Justice Department, which accused Chinese officials of orchestrating a decade-long espionage campaign that involved infiltrating companies in the U.S. and more than a dozen other countries, drawing a strong denial from China.

The U.K.’s evidence on APT 10 is related to those indictments, one of the people said.

“Some countries’ accusations against China on the cyber-security issue are unfounded and groundless, driven by ulterior motives,” the Chinese Mission to the EU said in a statement when asked about the allegations. “We urge the relevant parties to stop defaming China, so as not to undermine their bilateral relations and cooperation with China.”

For any retribution against China tied to cyber attacks, the EU would need to agree unanimously that the country was responsible and not all EU members currently agree, according to one of the people familiar with the matter. The EU is developing protocols to respond to malicious cyber activities, for instance by imposing sanctions, but it can be challenging to clearly attribute actions to any individuals or nation-state.

The U.K. Foreign Office in December joined Washington in pressing the accusations against APT 10, saying that the group acted on behalf of the Chinese government “to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the U.S.”

NATO defense ministers will also address the threat of Chinese cyber-attacks when they meet in Brussels on Wednesday.

“We have seen the reports from allies about their concerns about Chinese activity related to infrastructure and cyber and these are reports we take seriously and we will continue to consult on these issues,” NATO Secretary General Jens Stoltenberg told reporters in Brussels on Tuesday. “One of the challenges of the cyber attacks, and we have seen more and more of them, is attribution.”

Spear Phishing

The U.S. Justice Department claimed that the group used a technique known as spear phishing, in which emails that pretend to be from legitimate addresses are sent with attached documents and files that secretly install malware if opened. That can give hackers access to a subject’s computer and allow them to steal user names and passwords, files and other information.

The U.S. indictments, which didn’t mention any hardware attacks by the group, also said the hackers targeted the networks of managed service providers, which remotely manage businesses and governments’ IT infrastructure, in order to gain unauthorized access to their clients’ networks.

Cybersecurity firm FireEye Inc., which has been tracking APT 10 since 2009, says the Chinese cyber espionage group has historically targeted construction and engineering, aerospace, and telecom firms, and governments in the U.S., Europe, and Japan, in a bid to support Chinese national security goals of acquiring military and intelligence information.

— With assistance by Viktoria Dendrinou, Helene Fouquet, Benjamin D Katz, and Lyubov Pronina

(Updates with NATO meeting in ninth paragraph.)