U.S. Navy Adm. Samuel J. Locklear, commander of U.S. Pacific Command, returns a salute to Mongolian service members during Khaan Quest 2013 in Ulaanbaatar, Mongolia. ((U.S. Navy photo by Mass Communication Specialist 1st Class Danny Hayes)
Chinese hackers have been planting malware in documents associated with U.S.-Mongolia military exercises in an apparent attempt to interfere with Mongolia's ties to the West, a private American cybersecurity company claims.
According to a recent report by the company ThreatConnect, Chinese hackers created a decoy "weaponized Microsoft Word document" appearing to be an official U.S. Army announcement related to the annual Khaan Quest exercise that Mongolia hosts, and the U.S. supports.
This activity represents Chinese Computer Network Exploitation (CNE) activity against organizations that China perceives to be jeopardizing its interests in Mongolia. As evidenced in the weaponized Khaan Quest document described above, Chinese APT groups will likely continue targeting US military entities involved in cooperation activities with the Mongolian military. Also, western European and other governments that engage with Mongolia diplomatically will be considered CNE targets as well.
Another document, in Mongolian and discussing a joint military exercise with Vietnam, was also found with the same bit of code. ThreatConnect suggests some sort of connection between this operation and the famous Chinese People's Liberation Army hacking operation, Unit 61398. It's hard to tell how seriously to take this -- threat inflation is endemic in the cybersecurity world -- but it's an interesting little look into how Washington and Beijing might be looking at this.