A team of cybersecurity experts has uncovered a sweeping cyber-espionage campaign in which suspected Chinese hackers infiltrated the email servers of foreign ministers and diplomats worldwide. According to researchers at Palo Alto Networks’ Unit 42, the attackers gained access to Microsoft Exchange servers, enabling them to search for sensitive information at select foreign ministries.
The findings, first reported by Bloomberg, suggest that the group has been operating for nearly three years, pursuing intelligence that aligns with Beijing’s geopolitical agenda.
Keywords Point To High-Level Diplomacy
Investigators discovered that the hackers specifically combed through servers for terms tied to the 2022 China-Arab summit in Riyadh. Their searches even included the names of Chinese President Xi Jinping and First Lady Peng Liyuan in relation to the event.
“When I found them searching for specific diplomatic keywords and then exfiltrating emails from embassies and military operations, I realised this was a serious intelligence collection effort,” said Lior Rochberger, senior researcher at Palo Alto Networks.
While the researchers avoided naming affected nations, their report highlighted how the hackers’ activity “align consistently with the People’s Republic of China (PRC) economic and geopolitical interests.” The group has been labelled Phantom Taurus by the company.
China Dismisses Allegations
Responding to the report, Liu Pengyu, spokesperson for the Chinese Embassy in Washington, argued that cyberattacks are a global issue. “Cyberspace is highly virtual, difficult to trace, and involves a diverse range of actors,” he said. “Tracing the source of cyberattacks is a complex technical issue that requires solid and full evidence.”
Broader Pattern Of Cyber Aggression
The revelations add to growing evidence of Chinese-linked hacking activity across industries and governments. Earlier this month, Google said a Chinese group had breached US technology companies. In another case, suspected hackers impersonated the Republican chair of the House Select Committee on China in an attempt to extract details about trade negotiations.
Assaf Dahan, director of threat intelligence at Palo Alto Networks, noted that many of the breaches had “a tight correlation to specific geopolitical events or military manoeuvres.” The company’s research also pointed to efforts targeting information related to countries such as Afghanistan and Pakistan.
The latest disclosure underlines how state-linked hackers are increasingly blurring the line between diplomacy and digital espionage, raising alarms within global cybersecurity circles.
