Chinese hackers have been targeting the U.S. maritime industry in spy operations since last summer, cybersecurity firm FireEye said Friday.
The hackers have stepped up their activity over the past two months, a development that's linked to a Chinese cyber espionage group dubbed “TEMP.Periscope” by FireEye that is also known as “Leviathan.” While the group has been active since at least 2013, researchers said its activity dropped off for several years and only reemerged last summer.
The group has largely targeted maritime and engineering focused-entities in the United States, including research institutes, academic organizations and private companies. FireEye has also seen evidence of the group targeting organizations in Europe and Hong Kong.
The group’s targets include those with links to the South China Sea, where tensions have run high as a result of territorial disputes. China has built artificial islands in the region in an attempt to extend its position in the area, despite multiple countries laying claim to territory in the South China Sea.
“We’ve really seen a big upswing in their activity in the last two months,” said Ben Read, senior manager of cyber espionage analysis at FireEye. “They’ve been heavily targeting U.S. entities.”
In 2015, the U.S. and China inked an agreement to deepen cooperation on confronting cyberattacks and stop supporting cyber-enabled intellectual property theft against firms within each others' borders.
While FireEye has not established a definitive connection to the Chinese government, Read observed that the hackers' targets suggest they may be working on behalf of the government in some capacity.
“China is obviously interested in the South China Sea, East China Sea, shipping lanes,” Read said.
He posited that the group could be working on behalf of the Chinese navy.