Mongolian National Data Center Building
| Primary URL | Location | Industry |
|---|---|---|
| Undetermined | Country: Mongolia | Government - National |

Profile
The organisation is known by the alias Mongolian government data center.
It is also referred to as the Mongolian National Data Center Building.
Its headquarters is located in Mongolia.
On 2018-04-06, Chinese state-sponsored actors leveraged Tsinghua University infrastructure to conduct network reconnaissance targeting the Mongolian National Data Center Building alongside other strategic entities in Alaska, Kenya, and Brazil.
This activity aligned with China's Belt and Road Initiative economic goals, focusing on geopolitical organizations engaged in trade discussions or infrastructure partnerships with Chinese state entities.
The threat actors systematically scanned ports to identify vulnerabilities, though no confirmed malware deployment was observed at the Mongolian site.
On 2017-10-01, a Chinese state-linked hacking group known as APT27 compromised Mongolia's national data center through spear phishing and watering hole attacks, leveraging employee access to infiltrate critical infrastructure.
The attackers implanted malware across government websites, enabling persistent espionage operations via a command server routed through a compromised Ukrainian MikroTik router.
This breach provided extensive access to sensitive government systems and data, coinciding with heightened geopolitical tensions between Mongolia and China.
Kaspersky researchers attributed the campaign to the financially motivated APT27 group, which has historically targeted government entities and defense contractors.
The incident demonstrated an unusually direct compromise of a national data hub to facilitate widespread digital surveillance.
