28th Feb 2024

Hackers stole thousands of internal EU files

  • EU and China discussed cyber-security and data privacy at their summit in July (Photo: European Commission)

Chinese hackers have been reading sensitive EU diplomatic cables for the past three years, according to a US cyber-security firm.

"People talk about sophisticated hackers, but there was nothing really sophisticated about this," Oren Falkowitz, the CEO of Area 1, the US firm, told The New York Times on Tuesday (18 December).

Read and decide

Join EUobserver today

Get the EU news that really matters

Instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Donald Trump made a deal with Vladimir Putin to help him get hold of a British human rights campaigner (Photo:

"After over a decade of experience countering Chinese cyber-operations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government," an Area 1 expert, Blake Darche, added.

The hackers did it by sending phishing emails to diplomats in Cyprus - emails containing links that installed malicious software on their computers.

They then got the diplomats' passwords for the EU's internal diplomatic cable system, called Coreu, enabling them to read communiques shared by the 28 member states.

The extent of the hack is smaller than that of Wikileaks, which published over 250,000 US diplomatic texts in 2010.

The US leak involved highly classified information, but, according to Area 1, the Chinese hack only obtained texts graded as "Limite" or "Restraint".

The French terms are used to denote the lowest out of five levels of EU classification, which also include "Confidential", "Secret", and "Tres Secret".

But according to the EU's own literature on the subject, leaks of "Restraint" texts could still be "disadvantageous" to EU interests.

They might "adversely affect" diplomatic relations, "distress" individuals or "facilitate" crime and "improper gain."

Area 1 shared a sample of 1,100 EU cables out of the cache it intercepted with the New York Times, which, in turn published a sample of the sample.

The cables published by the US newspaper focus on China, India, Iran, Israel, North Korea, Russia, Ukraine, and the US.

In what may be the clearest case of a "disadvantageous" effect of the leak, a handful of cables discuss North Korean and Iranian entities and individuals that the EU intended to blacklist on nuclear proliferation or human rights grounds.

But advance notice of an EU designation, which includes asset freezes, would enable the entities or people concerned to move their money out of Europe before EU states took action.

EU-China summit

Meanwhile, one cable dated 16 July 2018, gave an insight into what happens behind the scenes at EU-China summits.

The EU diplomat who drafted the memo noted that Chinese leader Xi Jinping told EU Council chief Donald Tusk and European Commission president Jean-Claude Juncker that he was prepared to fight a trade war with the US if need be.

"Caving in would embolden the bully. The Chinese people would not accept this, even if a trade war would hurt everybody. China was not a backward country anymore," Xi said, referring to "bullying" on tariffs by US leader Donald Trump.

The summit was "good-tempered", but at one point Juncker made "a forthright statement that the EU expected to be treated as undivided and undividable", when Chinese premier Li Keqiang spoke of bilateral ties with EU states.

Tusk also "raised EU concerns about the human rights situation in China and the particular case of Gui Minhai", a Hong Kong dissident jailed by China.

Li gave Tusk no new information and lectured him on respect for Chinese law, but also "stated that respective [EU and Chinese] teams should meet and follow up on the case."

Most of the summit focused on trade and investment, with Li pledging "no forced technology transfer" from European firms and to "deal seriously with IPR [intellectual property] violations".

But if Area 1 was right about its attribution of the EU hack to China, then Li's promises might not be worth much.

Tusk, in a second irony, also asked Li for help in ensuring that "cyber-security" and "data privacy" concerns were properly dealt with.

Another EU cable, dated July 2018, also voiced concern about "China's growing engagement in Africa".

It said no-strings attached Chinese infrastructure investments there were "negatively impacting EU efforts to promote democracy, human rights and good governance and reducing the willingness of African elites to reform".

It also said the Chinese army, Chinese private security firms, and Chinese state media were building a presence on the continent.

"Chinese media are actively expanding their presence and cooperate and share content with dozens of African news outlets," the EU cable said.

"Europe's presence in Africa is underappreciated," despite being its main aid donor, it added.

Trump-Putin meeting

A further cable, from the EU mission in the US in July this year, shed light on what happened when Trump met Russian leader Vladimir Putin in Helsinki earlier the same month.

White House security chiefs told the EU that Trump agreed to "the idea of an US-Russia investigation swap (granting access to special counsel Mueller to interrogate indicted Russian officials if the US agrees on the same in the 'Browder case', including access to former US ambassador to Russia Michael McFaul)".

But the US officials also said that this deal would be "nipped down" in Washington.

Robert Mueller is a US investigator looking into Russian election meddling in 2016. Bill Browder is a British human rights activist who campaigns for sanctions on Russia.

The EU diplomat said the summit was "successful (at least for Putin)" in PR terms.

But the Mueller-Browder deal aside, Trump and Putin made "no agreements, beyond the agreement to keep talking".

In a cable from Moscow dated February 2018, the EU diplomat noted "EU-Russia relations are complicated" due to Russia's invasion of Ukraine.

But he said that when the EU's special envoy on Afghanistan visited Russia "the mood was cordial and Russian interlocutors were rather open in their willingness to discuss possible enhanced cooperation on a number of issues", such as EU mediation in Afghan government talks with the Taliban militant group.

An EU cable from Kiev, also in February, indicated that the Ukraine complications were bigger than publicly acknowledged, however.

Ukrainian officials told the EU that Russia-annexed Crimea was a "hot-zone where nuclear warheads might have already been deployed".

A cable from Kiev in July highlighted the cost of Russia's invasion of east Ukraine.

"Places where children could play safely four years ago are now riddled with deadly explosives affecting the area along the contact line where 200,000 children reside," it said.

"Landmines and unexploded ordnances were a main cause of children casualties in 2017, accounting for about two-thirds of all recorded deaths and injuries leaving many children with lifelong disabilities," it added.

Iran deal

Trade wars and Russia deals aside, Trump has also split from the EU by walking away from an EU-brokered nuclear arms control deal on Iran.

Two EU cables, one from an informal EU foreign ministers meeting in February 2016, and one from a Slovak visit to Israel in June this year, shed light on the case.

The EU ministers admitted that Iran had a "disturbing ballistic [missile] programme" and that "even in a best-case scenario, according to the deal Iran would presumably become a nuclear threshold state in 15 years".

They also said removal of EU sanctions on Iran, meant that "plenty of opportunities were now open in the area of trade and investment, where the EU had lost out" in the past.

"After 2025 ... Iran will re-launch its nuclear programme," Israeli diplomats told Slovakia.

Migration crisis

Meanwhile, the EU ministerial meeting in Amsterdam in 2016 also warned that "migration is turning into an existential threat for [EU] integration".

"Several FMs [foreign ministers] advocated the need to defend Schengen [the EU's free-travel zone] as a matter of priority," the cable added.

"It was a powerful symbol of EU integration; and it was far from sure that to start closing [internal EU] borders would work as a decisive deterrent against economic migrants, or asylum seekers," the cable said.

The EU foreign service told The New York Times on Tuesday that "is aware of allegations regarding a potential leak of sensitive information and is actively investigating the issue."

But it declined to comment "on allegations or on matters relating to operational security".

A spokesperson of the Mission of China to the EU told EUobserver: "Such a report is suspicious, groundless and extremely irresponsible.

"China is a major victim of cybertheft and cyberattack, and a steadfast defender of cybersecurity. China firmly stands against and fights in accordance with law criminal hacking activities in all manifestations.

"The competent authorities will conduct investigations according to law, provided that there is evidence. Regarding the issue of cybersecurity, we oppose any allusions or slandering out of ulterior motive."

This story was expanded on Thursday 20 December to incorporate the response sent by the Mission of China to the EU

EU and China perform tricky diplomatic dance

EU and China relations kicked off 15 years ago after signing a strategic partnership. Trade has increased dramatically but human rights and other issues remain tricky as the two seek to defend international law and international trade.

MEPs target exports of cyber surveillance tech

MEPs have introduced a human rights clause into the export of cyber surveillance technology as part of EU-wide reforms to prevent abuse by autocratic regimes. The Strasbourg plenary will vote on the bill on Wednesday.

Microsoft warns EU on election hack threat

Russian hackers posed a threat to EU elections, US tech giant Microsoft has warned, amid fresh revelations of cyber-attacks against European targets.


How to enhance EU cybersecurity

The Hungarian hacking allowed Russian intelligence to read 'over the shoulder' of an EU member state for an extended period of time. The difficulty for the EU is that it's not one nation, but a combination of 27 cybersecurity policies.


For Ukraine's sake, pass the EU due diligence directive

The EU Commission's 2022 CSDDD proposal did not include provisions incorporating "conflict due diligence", they were added, after the Russian invasion, by the European Parliament and Council into the final directive text — for Ukraine's sake, vote for it.

Latest News

  1. Joined-up EU defence procurement on the horizon?
  2. Macron on Western boots in Ukraine: What he really meant
  3. Amazon lobbyists banned from EU Parliament
  4. MEPs adopt new transparency rules for political ads
  5. EU nature restoration law approved after massive backlash
  6. Memo from Munich — EU needs to reinvent democracy support
  7. For Ukraine's sake, pass the EU due diligence directive
  8. All of Orbán's MPs back Sweden's Nato entry

Stakeholders' Highlights

  1. Nordic Council of MinistersJoin the Nordic Food Systems Takeover at COP28
  2. Nordic Council of MinistersHow women and men are affected differently by climate policy
  3. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  4. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  5. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  6. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?

Stakeholders' Highlights

  1. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  2. UNOPSFostering health system resilience in fragile and conflict-affected countries
  3. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  4. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  5. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  6. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA

Join EUobserver

EU news that matters

Join us