After a 10-month investigation, researchers at Information Warfare Monitor have uncovered and infiltrated the suspected cyber espionage network, dubbed GhostNet. The researchers were initially investigating Chinese cyber spying against Tibetan institutions of the Dalai Lama.
"Close to 30 percent of the infected hosts are considered high-value and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The investigation was able to conclude that Tibetan computer systems were compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information, including documents from the private office of the Dalai Lama," Information Warfare Monitor says.
The researchers say the fact that numerous politically sensitive and high value systems were compromised , the do not know the motivation or identity of the attacker.
The researchers managed to identify the servers used for the operation and to study its command and control systems from the inside, as documented in their report, released this weekend.
While no NZ-based systems are listed in the researchers' initial report, Computerworld has sent a query to the researchers to determine whether local computers have been identified as compromised.