Security researchers have revealed a Chinese hacking team was spying on five European foreign ministries during September's G20 Summit in Russia.

Chinese Hackers Spied on G20 Summit
US President Barack Obama departs a news conference at the G20 Summit in St. Petersburg on 6 September, 2013. (Reuters)

Researchers for security company FireEye monitored a server being used by a group of Chinese hackers for seven days in August, shortly before the G20 Summit took place in St Petersberg.

The hackers were able to gain access to the officials' computers using the spear phishing method of attack, where tailored emails with malicious files attached were sent to employees in the five foreign ministries.

The files attached bore titles such as "US_military_options_in_Syria" which would seem like plausible file names for those receiving the emails.

The researchers lost contact with the Chinese hackers just before the G20 Summit, when they moved operations to another server. However FireEye researchers believe the hackers were preparing to steal sensitive data from compromised computers.

Intellectual property theft

FireEye refused to name which five foreign ministries were compromised, but did say they were all members of the European Union. The attack has been reported to the FBI, but the agency has yet to comment on the attack.

"The theme of the attacks was US military intervention in Syria," FireEye researcher Nart Villeneuve told Reuters. "That seems to indicate something more than intellectual property theft...The intent was to target those involved with the G20."

The use of Syria in one of the malicious file names was apt as the conflict in the Middle East country was the subject which dominated the Summit taking place between 5-6 September.

FireEye said it could not link the the group of hackers it was monitoring to the Chinese government or military. However is it widely understood that the military in China funds a number of hacking teams, one of which hit the headlines earlier this year for a sustained five year campaign targeting over 140 foreign companies.


Chinese authorities have consistently denied any involvement in the cyber-espionage on foreign targets, claiming it was the victim of US spying - claims which have been given validation this year with the leaked documents from Edward Snowden.

The group, which FireEye has dubbed "Ke3chang" after the name of a file used in one of its pieces of malicious software, previously carried out a campaign called "snake" which lured potential victims with a file containing nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.