Chinese Hackers Stole Maritime Military Secrets From Group Of Universities

What has become an entrenched pattern of optimistic US-China trade headlines being followed by fresh reports about China's cyberespionage campaign played out once again on Tuesday, when the Wall Street Journal published a story about Chinese hackers' efforts to infiltrate more than two dozen universities in the US and around the globe to try and steal maritime military technology.

Instead of citing government sources, WSJ cited findings by private research firm iDefense, which argued that the University of Hawaii, the University of Washington and Massachusetts Institute of Technology were among at least 27 universities in the US, Canada and Southeast Asia that had been targeted by Beijing.

The report essentially previewed a report set to be published by iDefense later this week. In the report, the agency confirms that Robert Lighthizer was right when he warned that China's cyberespionage efforts had only intensified since the beginning of the trade spat, even as the US has insisted that China must cease such activities to win a trade deal. By now, regular readers are familiar with the many different MSS-backed hacking groups that have actively worked to steal trade secrets - groups like ATP10, which was reportedly responsible for the expansive "operation Cloudhopper".


According to iDefense, the organization that masterminded the university intrusions, which focused on undersea technology and mostly targeted schools with ties to the Massachusetts oceanographic institute, is called "Temp.Periscope." The firm has also been linked to the infiltration of Navy contractors and subcontractors.

The research, to be published this week, is the latest indication that Chinese cyberattacks to steal U.S. military and economic secrets are on the rise. The findings, reviewed by The Wall Street Journal, name a substantial list of university targets for the first time, reflecting the breadth and nature of the ongoing cyber campaign that iDefense said dates to at least April 2017.

Chinese officials didn’t immediately respond to a request for comment, but have denied that they engage in cyberattacks.

iDefense said it identified targeted universities by observing that their networks were pinging servers located in China and controlled by a Chinese hacking group known to researchers interchangeably as Temp.Periscope, Leviathan or Mudcarp. Researchers at the U.S. cyber firm FireEye , who have studied the same group, said the iDefense findings were generally consistent with their own intelligence.

An explanation for the name wasn't provided.

Some of the schools had been targeted because of their proximity to the South China Sea (see South Korea's Sahmyook University). Others, because they had been awarded Navy research contracts.

A university consortium called the Woods Hole Oceanographic Institution, a research organization with ties to many of the schools targeted by the group, appeared to be a focus for the hackers. Its systems had been infiltrated, as the hackers apparently sought to obtain research that Woods Hole had lead on undersea communications technology.

Nearly all of the universities shared a common link to Woods Hole Oceanographic Institution, a research and education nonprofit located in Woods Hole, Mass. iDefense said it had high confidence that Woods Hole’s network likely had been breached by the Chinese hackers.

With specialization in marine science and engineering, Woods Hole is the largest independent oceanographic research institution in the US, boasting notable achievements that include locating the Titanic in 1985, more than 70 years after it sunk.

Some of the targeted schools, including MIT, Penn State and the University of Washington, are affiliated with a unit at Woods Hole known as the Acoustic Communications Group, which works on undersea communications technology, according to the nonprofit’s website.

That group also partners with the Navy’s Naval Undersea Warfare Center in Newport, R.I. Reports last year said the Temp.Periscope team had hacked into an unidentified company under contract with the warfare center and stolen secret plans to build a supersonic antiship missile planned for use by American submarines.

Whether this will have any material impact on the trade deal that China and the US are scrambling to finish remains to be seen. But if the past is any indication, Trump will likely brush off this report, like he has so many others, as he tries to secure a deal at any cost.