Yahoo Finance Chinese embassy in Netherlands rejects 'groundless' Dutch hacking claims
Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.
The Chinese embassy in the Netherlands on Wednesday condemned the "groundless accusations".
It is the first time the Netherlands has publicly attributed cyber espionage to China, as national security tensions grow between the two countries.
Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.
"It is important to ensure that espionage activities of this nature committed by China become public knowledge since this will help to increase international resilience to this type of cyber espionage," Dutch Defence Minister Kajsa Ollongren said.
The agencies, known by their Dutch acronyms MIVD and AIVD, said the hackers had placed malicious software, or malware, that cloaked its own activity inside an armed forces network used by 50 people for unclassified research.
"MIVD & AIVD emphasise that this incident does not stand on its own, but is part of a wider trend of Chinese political espionage against the Netherlands and its allies," they said in their report.
In response, China's embassy in The Hague insisted Beijing "always firmly opposes and cracks down on cyberattacks in all forms in accordance with the law".
"We will not allow any country or individual using Chinese infrastructure to engage in such illegal activities," it said in a statement on its website.
"China opposes any malicious speculations and groundless accusations," it added, describing cybersecurity as a "common challenge of all countries".
Beijing routinely denies allegations of cyber espionage and says it opposes all forms of cyberattack.
Last April, AIVD said in an annual assessment that China posed the greatest threat to the Netherlands' economic security with espionage attempts targeting hi-tech companies and universities. A prime target is ASML, based in the southern city of Veldhoven - the world's dominant supplier of lithography machines for making computer chips.
In a separate report, also last April, the MIVD said China was illegally attempting to acquire Dutch space technology.
It was not clear from Tuesday's report what information the hackers were trying to obtain. The agencies said the damage was limited because the network was separate from the ministry's main system.
Last month, Reuters reported that the US government had launched an operation to fight a pervasive Chinese hacking operation, dubbed "Volt Typhoon", that compromised thousands of internet-connected devices. It was not clear from the report if the activity revealed by the MIVD and AIVD was connected.
The malware, known as Coathanger, appeared able to conceal its own presence, at least for a time. The agencies named it after a snippet of code that contained a line from "Lamb to the Slaughter", a short story by British author Roald Dahl.
That line, "She took his coat and hung it up", describes the moments before a wife murders her unsuspecting husband with a frozen leg of lamb.
#FBI Director Wray announced that the FBI, with partners, conducted a technical operation against the People's Republic of China's malware, known as Volt Typhoon, and took decisive actions to disrupt the activity through the use of our unique authorities, tools and capabilities. pic.twitter.com/FmPzEurylO
- FBI (@FBI) January 31, 2024
"Coathanger" remains on a device even after an update or reboot, and deletes itself from virus scan results.
The report assessed with "high confidence" that both the hacking and the malware were the work of "a state-sponsored actor" from China.
It said the implant had also been found on the network of a Western international mission as well as a handful of others, adding: "The malware has been developed specifically for FortiGate devices, which are used by organisations as a firewall to protect their systems."
Fortinet, the maker of the firewall, which is used worldwide, did not immediately respond to a request for comment.
Reuters, Agence France-Presse and Bloomberg
This article originally appeared in the South China Morning Post (SCMP), the most authoritative voice reporting on China and Asia for more than a century. For more SCMP stories, please explore the SCMP app or visit the SCMP's Facebook and Twitter pages. Copyright © 2024 South China Morning Post Publishers Ltd. All rights reserved.
Copyright (c) 2024. South China Morning Post Publishers Ltd. All rights reserved.
