As part of a cyberespionage operation targeting Central Asian countries, Chinese hackers recently sought to breach the computer networks of Afghanistan’s National Security Council, researchers at cybersecurity firm Check Point reported.
The alleged attack by the Chinese-speaking hacking group known to cybersecurity experts as IndigoZebra is the latest in an operation that goes back as far as 2014 and has targeted political entities in neighboring Uzbekistan and Kyrgyzstan, the researchers wrote in a report released Thursday. Other countries might also have been targeted, the researchers said.
The Afghan operation came in early April, when hackers impersonated a senior official in the office of the president of Afghanistan to infiltrate the country’s National Security Council. They did this after gaining access to the official’s email account and using it to send national security officials a “dupe email” urging action about an upcoming press conference.
“Yesterday, I called your office and no one answered it,” the hackers posing as the official wrote in the email. “We have received your file and modified it. There is an error in the third line of the second page. Please confirm whether the error exists.”
Acting on the email would have activated malware. It remains unclear whether anyone on the council fell victim to the attack. A spokesman for the council told VOA he was not aware of the attempted breach.
Lotem Finkelstein, head of threat intelligence at Check Point Software Technologies in Tel Aviv, Israel, said it was highly unusual for hackers to use “ministry-to-ministry” deception, as was the case in Afghanistan, to carry out a cyberattack.
“This tactic is vicious and effective in making anyone do anything for you; and in this case, the malicious activity was seen at the highest levels of sovereignty,” Finkelstein said.
This is the first major Chinese cyberespionage operation in Afghanistan to come to…