Arguably, diplomatic communications are a sovereign state’s most sensitive, protected information. However, threat actors target and breach even a heavily secured diplomatic correspondence network with alarming success to steal data and intellectual property—just as they target private businesses and organizations.This report details how Chinese state-sponsored threat actors used seemingly unremarkable, but highly effective, cyber campaigns resembling attack methods used on businesses and organizations, to breach EU diplomatic communications.

At the heart of this series of attacks are three key facts:

• 9 out of 10 cyber breaches start with a phishing attack.
• Cyberattacks use creativity and persistence to gain user trust and penetrate target networks. The attacks themselves are not technically sophisticated, but consistently reuse methods and malware, similar to an assembly line.
• Threat actors look for the weakest link in the digital chain to gain entry to their target.