China’s elite hackers expand target list to European Union | CyberScoop<\/title> <meta name=\"description\" content=\"Beijing's hackers are also using an open-source VPN tool for persistence.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/china-apt-eset-target-typhoon-mirrorface\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"China's elite hackers expand target list to European Union\"> <meta property=\"og:description\" content=\"Beijing's hackers are also using an open-source VPN tool for persistence.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/china-apt-eset-target-typhoon-mirrorface\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-07T10:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-06T22:07:03+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1278\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1729616464g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1728928671g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1729103471g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82505\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82505\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-apt-eset-target-typhoon-mirrorface%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-apt-eset-target-typhoon-mirrorface%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82505 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/china-apt-eset-target-typhoon-mirrorface\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.07881773399\">\n<div class=\"single-article__header-content\" readability=\"31.911764705882\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Beijing’s hackers are also using an open-source VPN tool for persistence. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82505\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-2.jpg?resize=1266,843 1266w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> A hacker with China’s national flag in background. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"57.885177453027\"><body readability=\"116.77054794521\"><\/p>\n<p>China\u2019s elite government-backed hackers are using legitimate VPN tools to camouflage their presence on the expanding list of victim networks, according to a new report from the cybersecurity firm ESET.<\/p>\n<p>Released Thursday, ESET\u2019s report on the <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/eset-apt-activity-report-q2-2024-q3-2024\/\">latest state-backed cybersecurity threats<\/a> detail a growing target list that experts believe is a concerted effort to further Beijing\u2019s intelligence goals. <\/p>\n<p>The Chinese-linked group, referred to as MirrorFace, typically targets the region around Japan, however MirrorFace was recently seen targeting an organization in the European Union. <\/p>\n<p>\u201cFor the first time, we observed MirrorFace targeting a diplomatic organization within the EU, a region that remains a focal point for several China-, North Korea-, and Russia-aligned threat actors. Many of these groups are particularly focused on governmental entities and the defense sector,\u201d Jean-Ian Boutin, director of threat research at ESET, said in a statement.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>ESET did not name the organization targeted. However, MirrorFace\u2019s spearphishing email was related to the world exposition EXPO 2025 to be held next year in Osaka, Japan. As such, the report notes that the motivation likely remains Japanese-focused. <\/p>\n<p>The Slovakia-based firm also found evidence that the recently revealed a Chinese-linked group dubbed \u201cCloudSourcerer\u201d has been around longer than initially believed. This group was also seen targeting the European Union.<\/p>\n<p>CloudSourcerer was first <a href=\"https:\/\/securelist.com\/cloudsorcerer-new-apt-cloud-actor\/113056\/\">documented by Kaspersky in June<\/a> for targeting the Russian government. At the time, the Russian-based cyber firm believed the cyberespionage tool used in the campaign made its debut appearance in May. However, ESET researchers found two samples uploaded to VirusTotal in February and July. The researchers note that they believe with \u201chigh confidence\u201d that the samples were not tampered with, while establishing \u201cactivity of the group back to at least early 2022.\u201d<\/p>\n<p>In addition to expanding the target list, Chinese hackers \u2014 such as Flax Typhoon, which just had part of its infrastructure <a href=\"https:\/\/cyberscoop.com\/fbi-operation-china-botnet-flax-typhoon\/\">dismantled by the FBI<\/a> in September \u2014 are also finding new ways to stay undetected. <\/p>\n<p>Mathieu Tartare, senior malware researcher at ESET, said that \u201cone trend that we noticed among several China-aligned threat actors is the use of SoftEther VPN instead of their usual implants or backdoors.\u201d <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>ESET found that Chinese-linked hackers have taken to deploying SoftEther VPN, a legitimate open-source program used by businesses for remote connections, \u201cinstead of their usual implants or backdoors,\u201d Tartare said. He noted that the Chinese-linked hackers install the VPN on victim machines as an easy solution to maintain connection, while also blending into the victim\u2019s legitimate traffic.<\/p>\n<p>\u201cWe believe the attackers realize it\u2019s a pretty useful tool to deploy a VPN software instead of a fully-fledged backdoor because it\u2019s a legitimate software; it allows you to easily create a bridge between your organization and the victim organization,\u201d Tartare said.<\/p>\n<p>Webworm, a cyberespionage group linked to China, used the VPN software to target government organizations that belong to the EU instead of a \u201cfull-featured backdoor\u201d tool set the hackers typically use, the firm said.<\/p>\n<p>\u201cWe believe that there might have been targeting some individual in Ecuador based on the decoy document that was used in the spearfishing email,\u201d Tartare said.<\/p>\n<p>Tartare noted that organizations looking to protect themselves should consider any SoftEther VPN executables deployed on the network as suspicious. \u201cEspecially when this executable does not have the right filename,\u201d he continued, adding that organizations should block SoftEther VPN executables if there is no reason for it to be on the network.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>ESET\u2019s APT update also included changes in tactics, techniques, and procedures from Russia,North Korea and Iran.<\/p>\n<p>Iran, for instance, has leveled up activity with MuddyWater \u2014 a hacking group linked to the country\u2019s Ministry of Intelligence and Security that has been around since 2017 \u2014 from cyberespionage to support for diplomatic and potentially kinetic operations.<\/p>\n<p>ESET noted \u201cpotential indicators\u201d that MuddyWater\u2019s targeting of a transportation organization in Israel \u201cmay be gathering information to support military activities.\u201d MuddyWater was seen moving laterally and exhilarating credentials on internal networks in an \u201cunusual\u201d way that could indicate Iran is looking to target the critical sector. <\/p>\n<p>\u201cIn light of the current tensions and conflicts in the Middle East, it makes sense that Iran-aligned groups would look to target critical industries like transportation,\u201d the report said.<\/p>\n<p>Russian hackers, meanwhile, are increasingly using one-day vulnerabilities on webmail servers like Roundcube and Zimbra. ESET researchers said that the spearphishing emails usually contain cross-site scripting exploits.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.6710526315789\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinas-elite-hackers-expand-target-list-to-european-union-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/china-apt-eset-target-typhoon-mirrorface\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China’s elite hackers expand target list to European Union |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,78,1009,2708,302,513,46,256,270,49,288],"tags":[277,86,1012,2710,306,517,54,262,276,57,294],"class_list":["post-6134","post","type-post","status-publish","format-standard","hentry","category-china","category-cybersecurity","category-eset","category-flax-typhoon","category-geopolitics","category-iran","category-ransomware","category-research","category-russia","category-threat-intelligence","category-threats","tag-china","tag-cybersecurity","tag-eset","tag-flax-typhoon","tag-geopolitics","tag-iran","tag-ransomware","tag-research","tag-russia","tag-threat-intelligence","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/eset\/\" rel=\"category tag\">ESET<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/flax-typhoon\/\" rel=\"category tag\">Flax Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-intelligence\/\" rel=\"category tag\">Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6134"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6134\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6134,"date":"2024-11-07T04:00:00","date_gmt":"2024-11-07T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82505"},"modified":"2024-11-07T04:00:00","modified_gmt":"2024-11-07T10:00:00","slug":"chinas-elite-hackers-expand-target-list-to-european-union","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/07\/chinas-elite-hackers-expand-target-list-to-european-union\/","title":{"rendered":"China\u2019s elite hackers expand target list to European Union"},"content":{"rendered":"