Updated 11:29 AM EDT, Tue, Jun 16, 2020

Make CT Your Homepage

China Uses Hackers to Attack US Missile System THAAD in South Korea, Research Says

China is reportedly using hackers to target THAAD, a US missile defense system installed in South Korea.

(Photo : Getty Images) China is reportedly using hackers to target THAAD, a US missile defense system installed in South Korea.

American cybersecurity firm FireEye told The Wall Street Journal that China has used hackers to target the Terminal High-Altitude Area Defense (THAAD), US' missile defense system installed in South Korea.

Like Us on Facebook

It revealed that it had detected a surge in attacks against South Korea targets from China and their activities have increased since February after Seoul revealed THAAD's deployment. Those attacks included a denial of service against the website of South Korea's Ministry of Foreign Affairs, in which Seoul said has originated from Beijing.

According to the firm, "two cyberespionage groups that the firm linked to Beijing's military and intelligence agencies have launched a variety of attacks against South Korea's government, military defense companies, and a big conglomerate."

John Hultquist, FireEye's director of cyber-espionage, said that one of the groups called Tonto Team by FireEye is linked to China's military and based on the same area of China where North Korean hackers are known to be active. The other is dubbed as APT10 (or Stone Panda) by threat researchers and is believed to be the same group that launched espionage attacks against US companies trying to persuade the Trump administration on global trade, the Ars Technica reported.

Aside from these two, other so-called hacktivists-patriotic Chinese hackers, which are not directly associated with the government, have independently carried out their own attacks. The groups hid behind the names "Panda Intelligence Bureau" and the "Denounce Lotte Group," which is allegedly targeting South Korea's Lotte firm that paved way to the THAAD deployment through a land swap with the government.

They have also included "spear-phishing" emails with attachments containing malware and "watering hole" attacks that uses code to download malware onto websites frequently visited by military, government, and defense industry officials, according to Russia's Kaspersky Lab ZAO.

Real Time Analytics