The Aspen Institute, a Washington-based educational and policy studies organization, has been hacked.
According to The Huffington Post, the organization knew nothing about the breach until the FBI told them that their email communications had been monitored for a period of two months by hackers allegedly based in China.
It’s believed that the hackers used spear phishing emails to plant malware on the computers of unsuspecting employees. The malicious elements harvested their passwords, which the hackers used to snoop around in their email accounts.
“The hackers seem to think we knew something they wanted to know,” Trent Nichols, Aspen Institute’s director of IT services told The Huffington Post.
However, the attackers’ precise reasons remain unknown.
Similar to The New York Times hack, the Aspen Institute’s computers are protected by Symantec antivirus products, which failed to detect the custom malware. In its defense, Symantec has highlighted that antivirus is not enough to protect a network against sophisticated threats.
Nichols said that employees were instructed to change their passwords following the incident. The computers have been cleaned up, but the organization can’t afford to implement additional security systems.
The Aspen Institute is the latest US organization to report being hacked by China-based hackers. Earlier this month, The New York Times, The Washington Post, and The Wall Street Journal reported similar incidents.
Chinese officials have denied the accusations. In a recent statement, the Chinese Ministry of Defense said that Mandiant’s report was not based on facts and argued that the media should not make such accusations because they could undermine cooperation between them and the US.