Towards the end of 2017, Chinese cyber-spies have engaged in a hacking spree that targeted at least four US think tanks and an additional two non-governmental organizations (NGOs), researchers from US firm Crowdstrike revealed in a report published last week.

The attacks started in late October and were carried out in a similar manner, by infecting targets and deploying the Mimikatz credentials harvester and China Chopper web shell on affected servers.

Attackers collected the emails of employees, stole credentials, and deployed second-stage malware. Intruders also used malware to search and steal documents containing terms such as “china,” “cyber,” “japan,” “korea,” “chinese,” and “eager lion” (codename of a US military exercise).

Think tanks are the Holy Grail of nation-state groups

“Think tank” is a term used predominantly in the US to describe organizations that perform research concerning topics such as social policy, political strategy, economics, military, technology, and culture.

In the US geo-political landscape, government agencies hire think tanks to explore military and political scenarios and devise possible outcomes for upcoming government decisions and world events. Think tanks also often run fictive war games.

An attacker with access to research carried out by think tanks will learn of the government’s future plans or the type of political and military scenarios the government is currently exploring.

“China’s renewed interest in targeting Western think tanks and NGOs is hardly surprising given President XI Jinping’s call to improve China’s think tanks, a…