Report: Chinese probed Alaska organizations after trade talks in early 2018

As trade tensions between China and the U.S. heated up earlier this year, an Alaskan trade delegation visited China in late May. Immediately following that trip, companies and government organizations in Alaska experienced a dramatic spike in network reconnaissance activities from inside a top Chinese university, according to the cybersecurity firm Recorded Future.

The reconnaissance activity was conducted with infrastructure at Tsinghua University that was previously associated with hacking of geopolitical targets in support of China’s economic development goals, Recorded Future’s researchers said. Chinese computers scanned Alaskan internet service providers and government websites for security vulnerabilities, a tactic that can signal an attempt to conduct cyberattacks.

Research branches at Tsinghua — an elite Chinese research school in Beijing ranked as one of the best technical universities in the world — “also have connections to state organizations with a history of stealing U.S. technology,” Recorded Future’s Sanil Chohan, Winnona DeSombre, and Justin Grosfelt wrote.

The analysis also connected sophisticated cyberespionage activity against Tibet to the university’s infrastructure. But the exact nature of that connection remains unclear.

The same IP address at Tsinghua “has been the source of scanning, brute-force attacks, and active exploitation attempts in the past,” researchers wrote. It “was also observed conducting large-scale network reconnaissance of organizations that were engaged in key trade discussions with Chinese state-owned entities at the time. We believe these reconnaissance activities were not coincidental as they align broadly with China’s strategic and economic interests.”

Between April 6 and June 24, 2018, the same Tsinghua IP connected more than one million times to The Alaska Communications Systems Group, Alaska Department of Natural Resources, Alaska Power & Telephone Company, State of Alaska Government and TelAlaska. That activity has the scope and scale “likely conducted to ascertain vulnerabilities and gain illegitimate access,” researchers wrote.

The scans immediately followed Opportunity Alaska, a trade mission from the state to China as Gov. Bill Walker, an independent, attempted to navigate growing geopolitical tensions between the world’s two greatest economies.

It’s not clear whether the probes resulted in any intrusions, but Recorded Future researchers said they can’t make a conclusion either way. A Tsinghua University official denied the accusation to Reuters, which first reported the research.