Chinese cyberattack aimed at Alaska following trade mission

Chinese hackers tried to find weak points in Alaska networks in recent months, at about the same time as a mission promoting the Alaska gas pipeline, according to Recorded Future, a  company that tracks security threats.

"The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations," Recorded Future said.

The company said the network reconnaissance activity has been tracked to Tsinghua University in Bejing, one of the top schools in China. From April 6 to June 24 there were more than 1 million IP connections between the Tsinghua IP and Alaska networks, likely conducted to spot weaknesses and "gain illegitimate access."

"Recorded Future first observed the scanning activity against Alaskan networks in late March, only a few weeks after Gov. Walker announced a trade delegation to China. The activity picked up for a few days prior to the delegation arriving on May 20, 2018, and dropped off as the delegation arrived. Probing of the Alaskan networks remained at low levels until May 28 as the delegation concluded its activities, then ramped up considerably as delegates left China. The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations."

The company said the efforts to find computer weaknesses also were aimed at Kenya, Brazil and Mongolia, all about the same time as trade discussions on various projects. It said it has "medium confidence" that the "activity is being conducted by a threat actor (or multiple threat actors with access to the same Tsinghua endpoint) directed by the Chinese state."

The networks targeted in Alaska included Alaska Communications Systems, the Alaska Department of Natural Resources, the state of Alaska, Alaska Power & Telephone and TelAlaska.

"The scanning activity was conducted in a systematic manner with entire IP ranges dedicated to the organizations probed for the above ports," the company said.

"There was a further surge in interest between June 20 and June 24 against the State of Alaska and Alaska Department of Natural Resources networks. This was possibly in response to Gov. Walker announcing on June 19 that he intended to visit Washington, D.C. to meet U.S. and Chinese officials to raise his concerns on the growing trade dispute between the two nations."