European governments are under attack by Chinese hackers


A Chinese threat actor is targeting Foreign Affairs ministries and embassies in Europe, research shows.

Cyber threat intelligence researchers at Check Point Research (CPR) have identified a trend of attacks by Chinese hackers. They appear to have shifted their attention to European governmental authorities, mostly in Eastern Europe.

The cyberattack campaign, known as SmugX, has been active since at least December 2022. There’s a strong likelihood that it’s an extension of a prior campaign carried out by Chinese threat actors RedDelta and Mustang Panda.

SmugX campaign targets and lures. Source CPR

Most of the infected .docx and .pdf files used in the attack contained diplomatic content. Researchers got hold of a letter from the Serbian embassy in Budapest, a document stating the priorities of the Swedish Presidency of the Council of the European Union, an invitation to a diplomatic conference issued by Hungary’s Ministry of Foreign Affairs, and an article about two Chinese human rights lawyers sentenced to more than a decade in prison.

Some of the lures used in this campaign. Source CPR

Threat actors utilized the HTML Smuggling technique, which is used by hackers to trick web security systems and bypass their defenses. It involves hiding malicious code within seemingly harmless HTML tags or elements.
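From the defender's side, the technique described above can be checked for statically. The following is an added example, not code from CPR's research or this article: a heuristic that flags HTML files whose inline scripts embed a long base64 literal and use browser APIs to rebuild it into a downloadable file. The indicator list, the 64-character threshold, and both sample documents are constructed assumptions.

```python
import base64
import re
from html.parser import HTMLParser

# Assumed heuristic indicators (not from the article): APIs that rebuild a file client-side.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_build": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL|msSaveOrOpenBlob"),
    "forced_download": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}")  # long encoded literal (assumed threshold)
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"\xd0\xcf\x11\xe0": "ole"}

class ScriptText(HTMLParser):
    """Collect the text of inline <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def embedded_type(js):
    """Decode the start of the longest base64 literal and match its magic bytes."""
    runs = B64_RUN.findall(js)
    if not runs:
        return None
    head = base64.b64decode(max(runs, key=len)[:16])
    return next((name for sig, name in MAGIC.items() if head.startswith(sig)), "unknown")

def scan(html):
    parser = ScriptText()
    parser.feed(html)
    js = "\n".join(parser.chunks)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(js))
    kind = embedded_type(js)
    # Flag only when an embedded blob coincides with at least two rebuild APIs.
    return {"suspicious": kind is not None and len(hits) >= 2, "indicators": hits, "embedded": kind}

# Constructed samples: the payload is 4 ZIP magic bytes plus zero padding, not a real archive.
blob_b64 = base64.b64encode(b"PK\x03\x04" + b"\x00" * 60).decode()
SAMPLE_SMUGGLING = (f'<html><body><p>Invitation</p><script>var d="{blob_b64}";'
    'var b=new Blob([atob(d)]);var a=document.createElement("a");'
    'a.href=URL.createObjectURL(b);a.download="doc.zip";</script></body></html>')
SAMPLE_BENIGN = '<html><body><script>console.log("hello");</script></body></html>'
```

A hit means the file deserves a closer look, not that it is malicious: legitimate web applications also generate downloads in the browser, and obfuscated scripts can hide these strings from a static match.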