Chinese computer hackers are believed to be targeting commercial shipping companies across Europe.
According to Norwegian state broadcaster NRK, USB sticks containing malware have been found plugged into computers on numerous ships for months, first on Norwegian and Greek freighters in January, again on vessels in the Netherlands in March, April and May, and most recently on ships in Greece in May and June.
Cybersecurity firm Eset says that it managed to stop the attacks against its own shipping customers in Europe, but warns that other companies may have been exposed over the last few months without knowing. Eset believes the malware attacks — designed to scrape sensitive information from the networks they gain access to — are part of a coordinated effort from a hacker group with ties to China known as Mustang Panda.
Eset malware researcher Alexandre Côté Cyr tells NRK that it’s unclear how the USB sticks are ending up in ship computers, but says that it’s unlikely that hackers plugged them in themselves. Rather, he theorizes that Mustang Panda may have handed out the sticks to unsuspecting people at maritime events, who then brought them on board ships without knowing the USBs actually contained malware.
Relying on what might politely be described as human curiosity, hackers have a history of tempting staff at infrastructure-critical organizations to plug in thumb drives where they shouldn’t. In 2011, according to Wired, the U.S. Department of Homeland Security ran a test by secretly dropping computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60% plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90% were installed.
