Some foreign government personnel who visited a U.S. aircraft carrier the day before the international court ruling on the South China Sea was released were reportedly targeted by Chinese hackers, a U.S. cybersecurity company said.
The Financial Times reported that an infected document, posing as an official message, was sent by a China-based group to officials who visited the USS Ronald Reagan, a nuclear-powered aircraft carrier that patrolled the South China Sea in July.
According to the report, the date in the document was July 11, which was the day before the Hague tribunal ruled against China's claims in the region. The foreign delegates were also scheduled to visit the aircraft carrier that day.
FireEye, the U.S. cybersecurity firm, said that the suspicious document contained the Enfal malware, which can be used to obtain information from the infected computer or download other viruses.
The malware was allegedly designed by the China-based group in previous attacks against U.S. and Vietnamese national defense computer networks.
The cybersecurity company said that the hackers made the spear-phishing email appear to have been sent by someone known to the recipient. It was designed to collect information such as military manoeuvres, command and control systems and policy issues.
The report said that there was no direct evidence to link the Chinese government to the failed hacking attempt.
The hackers were identified by FireEye's iSight unit through the command and control system, which used an IP address with a domain previously used by the China-based group. FireEye first identified the system in June but the document surfaced only last month.
The file, which has been distributed via email, contains details of the visit to the aircraft carrier on July 11.
A FireEye expert said that cyberespionage heightened in the region as tensions over the South China Sea escalated.
"Many governments and militaries in Southeast Asia lack cybersecurity controls that can effectively match these elevated threats," Bryce Boland, the group's Asia-Pacific chief technology officer, said.
"For example, personal webmail and unmanaged devices aren't unusual, and many organisations lack the technology to detect unique attacks which haven't been seen before," the expert added.
The U.S. aircraft carrier and its escort ships conducted 53 days of operations in the western Pacific and the South China Sea this year, which were intended "to maintain the seas open for all to use," according to a U.S. Navy statement.
"As a matter of policy and for reasons of operations security, we won't comment on alleged vulnerabilities in networks or our efforts to mitigate them. We have full confidence in the integrity of the Navy's networks on which we conduct critical operations," Commander Clay Doss, a spokesman for the U.S. Pacific Fleet, said.
A U.S. Navy official said that the aircraft carrier's classified information systems were not affected, nor was the ship's operation in the South China Sea.