Cyber Incident Victim: Hong Kong

In August 2016, two Hong Kong government agencies were targeted by cyberattacks originating from China in the weeks preceding the region’s legislative elections scheduled for early September. The China-based threat group APT 3 conducted at least three spear-phishing attacks against these agencies during early August. These attacks involved emails containing malicious links or attachments designed to deploy malware and compromise the agencies’ computer networks. U.S. cybersecurity firm FireEye Inc., through its subsidiary iSIGHT, identified and disclosed the campaign. John Watters, president of iSIGHT, characterized the attacks as politically motivated based on the timing and targeting of government entities. The incidents occurred amid heightened political tensions ahead of the elections, though the specific agencies affected were not named in public reporting. FireEye did not disclose whether the attacks successfully breached the networks or exfiltrated data.

The targeting of Hong Kong government entities by a China-linked group shortly before a major electoral event underscored concerns about cyber espionage intersecting with political processes. FireEye’s attribution to APT 3, a group historically associated with Chinese state interests, suggested a strategic objective aligned with monitoring or influencing Hong Kong’s political landscape. The use of spear-phishing—a method requiring reconnaissance to craft credible lures—indicated deliberate focus on the agencies’ personnel or systems. No public statements from the Hong Kong government regarding incident response, mitigation measures, or operational impacts were cited in the report. The disclosure highlighted persistent cyber threats faced by governmental bodies during politically sensitive periods but did not elaborate on technical indicators, malware specifics, or downstream consequences beyond the attempted compromises.