A suspected China-based hacking group spun up a phishing campaign around Christmas that mimicked U.S. policy briefings in an attempt to hack diplomats, according to new research from cybersecurity firm Dream Security shared first with Axios.
Why it matters: The campaign successfully infected "a lot of people," Dream CEO Shalev Hulio said in an interview. "We just don't know who and how big [of a] scale," he added.
Zoom in: Researchers at Israel-based Dream uncovered a phishing campaign designed to ensnare officials tied to diplomacy, elections and international coordination around the world.
- Between late December and mid-January, China-based hackers sent emails with files that pretended to be official U.S. diplomatic summaries or policy documents.
- The attack did not exploit a software vulnerability; it depended on the recipient opening the malicious file, which was enough to trigger the compromise. The malware is designed to collect data and maintain persistent access to the affected device.
- Dream is attributing the campaign to the China-linked cyberespionage group Mustang Panda.
Between the lines: Mustang Panda is notorious for targeting the U.S. and other parts of the world with phishing lures as a way to break into systems and steal state secrets.
The intrigue: One of Dream's AI agents first uncovered the attack — marking what Hulio says is the first known case of an AI agent detecting a China-linked espionage campaign in the wild.
- "The Chinese are the most sophisticated attackers in the world," Hulio said. "They know how to hide. They know how to run under the radar. It's very, very difficult to catch them."
What to watch: As AI tools get better, expect them to not only improve at launching attacks and building exploits — but also to increasingly shape how governments detect espionage campaigns before victims even realize they've been targeted.
Go deeper: AI is perfecting scam emails, making phishing hard to catch