Titled Shadows in the Cloud, the report was produced by researchers at the Information Warfare Monitor and the documented a cyber spying network called Shadow, that focused on government, business, and academic computer systems in India, the United Nations, and The Office of the Dalai Llama. The network made use of cloud-based social media services such as Twitter, Google Groups, Blogspot, and the Chinese Baidu Blogs service.
"This top layer directed compromised computers to accounts on free web hosting services, and once the free hosting servers were disabled, to a stable core of command and control servers located in the PRC," the report said. It also claimed links between the network of compromised computers and to individuals living in Chengdu, a location in the People's Republic of China with known links to the underground hacking community.
The researchers were also involved in the discovery of GhostNet, a cyber espionage network unveiled just over a year ago, which also appeared to have strong links to China.
Techniques used to investigate the network included the use of a DNS sinkhole – a pool of registered domains that have previously been used by attackers targeting Tibetan institutions as part of the original GhostNet attacks. The researchers also used what they called a "fusion methodology" that combines quantitative, qualitative, and technical data in a bid to draw concrete conclusions.
Among sensitive information we covered by the research team included documents marked SECRET, RESTRICTED, and CONFIDENTIAL, belonging to the Indian government. A total of 1500 letters sent from the Dalai Llama's office in 2009 also suggest that the attackers targeted specific systems and profiles of users, the report found.
A spokesperson for the Chinese Foreign Ministry said that China "resolutely opposes all forms of cyber crime, including hacking".