According to researchers at FireEye, Chinese hackers targeted the South Korean Terminal High Altitude Area Defense (THAAD) missile system.

According to a new investigation conducted by security firm FireEye, Chinese hackers are trying to hack systems used by South Korea military to interfere with the deployment of an anti-ballistic weapons system.

The news was confirmed by the FireEye’s director of cyber-espionage analysis John Hultquist in an interview with the Wall Street Journal.

FireEye has observed cyber attacks aimed to hack the Terminal High Altitude Area Defense (THAAD) missile system. The THAAD system was designed by South Korea to protect the country from the incoming intercontinental ballistic missile (ICBMs), it is part of the Star Wars defense system.

South Korea is deploying Lockheed Martin’s THAAD missile defense system (Image source Ars Technica)

China has long been in opposition to the deployment of the THAAD since South Korea announced it as a key component of its defense infrastructure.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.” reported the WSJ.

According to FireEye, at least two different Chinese hacking crews were involved in cyber attacks against the South Korean military systems that in some way were linked to the design and deployment of the THAAD.

The two teams involved in the attack are the Tonto team and the notorious APT10.

“One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst.” continues the WSJ. “FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.” 

Hackers launched spear phishing attacks using messages with weaponized attachments. According to FireEye, at least one person felt victim of the attacks, anyway, FireEye was able to profile the threat actors and track the APTs’ movements.

“Mr. Hultquist added that an error in one of the group’s operational security provided FireEye’s analysts with new information about the group’s origins.” 

China’s Ministry of Defense recently declared that People’s Liberation Army “has never supported any hacking activity.”

Pierluigi Paganini