Hacked diplomatic cables show unease over Trump: report

Hackers posted thousands of stolen European Union (EU) diplomatic cables on an open internet site, exposing a tranche of sensitive communications in which foreign officials reportedly expressed concern about President TrumpDonald John TrumpTrump directed Cohen to lie to Congress about plans to build Trump Tower in Moscow during 2016 campaign: report DC train system losing 0k per day during government shutdown Senate Republicans eye rules change to speed Trump nominees MORE.

Area 1 Security, a firm focused on following phishing attacks, tied the ongoing cyber campaign to China, stating that the attack was carried out by a unit within the People’s Liberation Army (PLA).

According to the firm’s press release, the hackers specifically went after the COREU network, which facilitates cooperation on pertinent foreign policy matters between 28 EU countries as well as other organizations like the United Nations.

The discovery of the breach has also cast a spotlight on U.S. relations with China and Russia, according to the The New York Times, which reviewed the contents of the hacked cables.

One cable reportedly detailed a July meeting between European officials and Chinese President Xi Jinping where Xi compares Trump’s “bullying” of Beijing to a “no-rules freestyle boxing match.”

Diplomats also reportedly described a July meeting between Trump and Russian President Vladimir Putin in Helsinki, Finland, as “successful (at least for Putin).”

A cable sent in early March, meanwhile, highlights difficulties between the U.S. and the EU. According to the report, a senior European official in Washington discussed “messaging efforts” to deal “with the negative attitude to the EU in the beginning, which had created a lot of insecurity,” while also suggesting diplomats circumvent Trump by dealing directly with Congress.

Oren Falkowitz, CEO of Area 1 Security, said the fact that hackers went after a network used to conduct foreign policy in times of  is significant.

“The fact that they had access to the network — that is a future risk,” Falkowitz said in a phone interview with The Hill.

Falkowitz said there is nothing "remarkable" about this attack from a "technical perspective," but he says he hopes it will help focus more attention on phishing attacks. He also said it further shines a spotlight on supply chain attacks, noting that the more information is shared with trusted parties, the more vulnerable it becomes.

"The supply chain attacks are increasingly becoming problematic," he told The Hill.

Area 1 Security says it first began to detect the cyber campaign after the hackers targeted E.U. entities like the Ministries of Foreign Affairs and Ministries of Finance, trade unions. think tanks, among others.

The researchers identified a “consistent set of characteristics and chain of events that tie together a larger campaign that includes targeting of the United Nations and the AFL-CIO, in addition to the accessing of diplomatic cables from the European Union’s COREU network,” the press release reads.

Blake Darche, the firm’s chief security officer also downplayed that there was anything groundbreaking about how the hackers carried out this attack.

“Our report is not the first to expose a specific cyber campaign, nor will it have a direct impact on deterring the actors responsible. But it does show three consistent facts about cyber campaigns that make them unremarkable,” Darche said in a statement.

“1. Phishing remains the dominant method through which cyber actors gain access into computer networks 9 out of 10 times. 2. Cyber attacks are more assembly line than individual snowflakes. Very little about this or any other cyberattack is cutting edge computer science 3. Cyber actors continually use their imagination to find the weakest links in the digital chain, as we show here in attacking the MFA of Cyprus to gain access to the entire European Union diplomatic communications network,” he continued.

The European Union’s secretariat in a statement to the Times said it “is aware of allegations regarding a potential leak of sensitive information and is actively investigating the issue.” 

- Chris Mills Rodrigo contributed.

Updated: 4:29 p.m.