News of a major security breach at the Ministry of Foreign Affairs of Cyprus that resulted in troves of EU diplomatic cables becoming available to suspected Chinese operatives has infuriated local officials.
According to the New York Times and Bloomberg, Chinese hackers infiltrated the European Union’s diplomatic communications network by running a phishing campaign aimed at diplomats in Cyprus.
Diplomatic sources speaking to Kathimerini expressed their frustration and anger regarding the incident. The EU has launched an investigation while Cyprus has called for an emergency meeting of its Digital Security Authority.
Sources from the Cypriot Foreign Ministry said that such attacks have happened in the past and even several times. "For national security reasons, we will not be elaborating further," sources said.
Kathimerini has been informed that the matter is being handled by the competent authorities of the Republic, who initially voiced doubts about the validity of the reports but at the same time seem to take seriously an issue that involves a major data security breach.
Steven Erlanger, chief diplomatic correspondent in Europe for The New York Times and David Sanger, national security correspondent, cited Oren Falkowitz, the chief executive of cyber security firm Area 1, who said that Chinese intelligence operatives infiltrated into the Cyprus system, thereby gaining access to passwords that were needed to connect to the European Union’s entire database of exchanges.
But revelations did not stop there. Bloomberg reported that the news comes as the US government has been scrutinizing the operations of Chinese telecom equipment company Huawei Technologies over concerns of possible espionage by China. The US intelligence agencies have warned against the use of phones or services provided by China's Huawei and ZTE.
What is the Digital Security Authority?
The Digital Security Authority aims to increase the security capabilities of Cyprus by fortifying the protection of national critical information infrastructure such as banking networks, communication networks and internet service providers. The authority implements preventive and reactive security strategies to reduce risk to communication network attacks and cyber-security threats. [Kathimerini Cyprus]