Palo Alto Networks Softens China Cyber-Hack Report
13 Feb
Summary
- Cyber firm withheld China link to global hack for fear of retaliation.
- Palo Alto's report draft cited China; final version was vague.
- Company cited software ban and feared reprisal from Beijing.

Palo Alto Networks reportedly softened its attribution of a global cyberespionage campaign to China, fearing retaliation. Sources indicated that a draft report from Palo Alto's Unit 42 initially linked prolific hackers, identified as TGR-STA-1030, to Beijing.
However, the published report described the group more generally as "state-aligned" and operating from Asia. This change allegedly occurred after Chinese authorities banned software from Palo Alto and approximately 15 other cybersecurity firms on national security grounds.
Executives are said to have ordered the revision due to concerns about potential reprisal against the company's personnel in China or its clients worldwide. While attributing cyber activity is complex, Unit 42 researchers were reportedly confident in their forensic evidence connecting the campaign to China.
The campaign, dubbed "The Shadow Campaigns," targeted government and critical infrastructure organizations in 37 countries. Clues in the report, such as activity aligning with the GMT+8 time zone and targeting of specific countries following political events, suggest China's involvement.
Palo Alto stated that attribution is "irrelevant" and denied that the language choice was linked to Chinese procurement regulations, emphasizing a focus on informing governments about the widespread campaign. The Chinese Embassy in Washington reiterated its opposition to cyberattacks and called for professional, evidence-based attribution.




