Google says China's state-sponsored hackers are targeting Ukraine

Android Police

By Steve Huff

Published Mar 18, 2022

This is unsettling

Source: Pixabay

Hackers funded by state money have been fighting battles online for years. With the ongoing Russian invasion of Ukraine, the cyber warfare front went from a simmer to a boil. While the combatants on the ground and in the air at the moment are primarily from two countries, reports from Google's Threat Analysis Group (TAG) indicate there are more players involved in cyberspace, including hackers working for China's military.

According to Bleeping Computer, Google informed Ukraine earlier this week about a hacking threat from attackers employed by the Chinese government. TAG engineer Billy Leonard tweeted that the team had managed to identify government-backed actors based in China going after Ukrainian state organizations and sounded the alarm.

The "CN PLA" Leonard refers to in the tweet is the Chinese People's Liberation Army (PLA). In a tweet of his own, Shane Huntley, the head of TAG, confirmed the news, noting that Russia's assault on Ukraine "isn't only attracting interest from European threat actors. China is working hard here too." Google had already warned of China-based hacking threats against Ukraine on March 7 in a TAG "update on the threat landscape." In this case, it came from a group that calls itself Mustang Panda. Google noted that this was a shift in focus for these hackers, who reportedly tend to go after victims based in Southeast Asia.

Bleeping Computer pointed out that these reports appear to have been confirmed by other groups focused on tracking and revealing the actions of Chinese hackers — and that while there was a clear switch in focus for some of the groups, there has been a broader onslaught of hacking efforts aimed at European targets in general.

It's jarring to learn that China's PLA is involved in any action against Ukraine at all. For now, it may be that military cyber threats are essentially the equivalent of breaking and entering in an attempt to ferret out classified information. The People's Liberation Army may just want to stay informed. Unfortunately, what the PLA really plans to do with any exfiltrated data remains an open and anxiety-inducing question.