By Christopher Bing and Jack Stubbs
WASHINGTON/LONDON (Reuters) – Hackers operating from an elite Chinese university probed American companies and government departments for espionage opportunities following a U.S. trade delegation visit to China earlier this year, security researchers told Reuters.
Cybersecurity firm Recorded Future said the group used computers at China’s Tsinghua University to target U.S. energy and communications companies, and the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. Led by Governor Bill Walker, companies and economic development agencies spent a week in China in May.
Organizations involved in the trade mission were subject to focused attention from Chinese hackers, underscoring the tensions around an escalating tit-for-tat trade war between Washington and Beijing.
China was Alaska’s largest foreign trading partner in 2017 with over $1.32 billion in exports.
Recorded Future said in a report to be released later on Thursday that the websites of Alaskan internet service providers and government offices were closely inspected in May by university computers searching for security flaws, which can be used by hackers to break into normally locked and confidential systems.
The Alaskan government was again scanned for software vulnerabilities in June, just 24 hours after Walker said he would raise concerns in Washington about the economic damage caused by the U.S.-China trade dispute.
A Tsinghua University official, reached by telephone, said the allegations were false.
“This is baseless. I’ve never heard of this, so I have no way to give a response,” said the official, who declined to give his name.
Tsinghua University, known as “China’s MIT,” is closely connected to Tsinghua Holdings, a state-backed company focused on the development of various technologies, including artificial intelligence and robotics.
China’s Defense Ministry did not respond to a request for comment.
Recorded Future gave a copy of its report to law enforcement. The FBI declined to comment.
It is unclear whether the targeted systems were compromised, but the highly focused, extensive and peculiar scanning activity indicates a “serious interest” in hacking them, said Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the National Security Agency’s East Asia and Pacific cyber threats office.
“The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations,” Recorded Future said in the report.
The targeted organizations included Alaska Communications Systems Group In, Ensco Atwood Oceanics, the Alaska Department of Natural Resources, the Alaska governor’s office and regional internet service provider TelAlaska.
Alaska Communications declined to comment. The others did not respond to requests for comment.
U.S.-China trade tensions have escalated in recent months with both sides imposing a series of punitive tariffs and restrictions across multiple industries, and threatening more.
The economic conflict has also damaged cooperation in cyberspace following a 2015 agreement by Beijing and Washington to stop cyber-enabled industrial espionage, Moriuchi said.
“In the fall of 2015, cybersecurity cooperation was seen as a bright spot in the U.S.-China relationship,” she said.
“It was seen as a topic that the U.S. and China could actually have substantive discussions on. That’s not really the case anymore, especially with this trade war that both sides have vowed not to lose.”
(Reporting by Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Gao Liangping and Ben Blanchard in Beijing; Editing by Lisa Shumaker)