UK Think Tanks Hacked by Groups in China

Some UK think tanks were hacked by China-based groups last year, a US cybersecurity company which said it investigated the breaches has claimed. Crowdstrike said it saw the repeated targeting of think tanks specialising in international security and defence issues, beginning in April 2017.

The group also investigated a breach of the US Democratic National Committee, allegedly by Russian hackers, in 2016.

The BBC understands that not all of the UK think tanks targeted were breached. A number of think tanks contacted by the BBC declined to comment, although Crowdstrike said it was called in by some to respond to hack attacks.

It attributes the attacks to groups they call "Panda", which Crowdstrike said are based in China and linked to the Chinese state.

Crowdstrike said Chinese cyber activity increased in 2017 across the world after a relative lull, most likely when cyber actors focused more on domestic issues.

Previously, the California-based group was asked by the Democratic National Committee to investigate US election hacking in the spring of 2016.

Very Influential

Globally, law firms, universities and technology companies were targeted in the early summer of 2017 - while in the UK think tanks were hit.

Dmitri Alperovitch, Crowdstrike's co-founder and chief technology officer, told the BBC that a number of think tanks that work on Chinese policy were targeted "very aggressively".

He said those behind the attacks were trying to steal reports - but also any information about connections to government.

"They do believe the think tanks are very influential both in the US and UK," he said. "They believe that they may have access to information which is not public.

"In some cases that can be true, because you do have a lot of informal channels that these think tank people will have with government officials."

The company's Global Threat Report for 2018 also stated that cyber attackers "stole data after targeting executives and research fellows".

According to a copy of the report provided to the BBC, the victims included "researchers specialising in nuclear policy and the South China Sea, as well as event coordinators responsible for planning an annual security forum."

Trade Links

The UK's focus on increasing trade with China could also be a motivation, Mr Alperovitch said.

"The UK government is trying to forge closer ties with China in terms of trade," he said.

"That's always of interest to the Chinese government, particularly when the US government is taking a hard line."

He added: "They have been very successful at compromising these organisations."

Mr Alperovitch said Crowdstrike would be brought in after an attack to help investigate, "clean up" and protect the organisations going forward. The company said that even after the Chinese hackers were kicked out, they would try to get back in.

Investigators in the US have in the past charged suspected Chinese hackers

In its report, Crowdstrike said in October 2017 its team noticed a change in tactics - when a Chinese group installed a particular piece of malware on the network of one of the think tanks targeted.

One day later, the same behaviour was observed at a second think tank. The infrastructure used in the attack was also similar to that used to target a southeast Asian telecommunications company around the same time, Crowdstrike said.

The company described the attempts to target victims in different countries and industries, as well as re-using different tools, as "pervasive and brash".

BBC

You Might Also Read: 

Chinese Hacker Groups Shift Focus To India:

UK Under Attack By Russian & Chinese State Sponsored  Hackers:

 

« Which Phishing Messages Have A Near 100% Click Rate?
Cyber Criminals Catch Up With Nation-States »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

Womble Bond Dickinson

Womble Bond Dickinson

Womble Bond Dickinson is a transatlantic law firm, providing high-quality legal experience and outstanding personal service from key locations across the United Kingdom and United States.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.

Mindsprint

Mindsprint

Mindsprint (formerly Olam Technology and Business Services - OTBS) are a leading edge technology and business services firm.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.

Ryan Financial Lines

Ryan Financial Lines

Ryan Financial Lines Cyber provides risk transfer solutions for complex cyber and technology exposures, globally.