Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Believes Chinese Intelligence Behind Marriott Hack

The United States said Wednesday that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing.

The United States said Wednesday that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing.

Secretary of State Mike Pompeo confirmed to Fox News’ Fox & Friends program that the government believes China masterminded the Marriott data theft.

“They have committed cyber attacks across the world,” he told the show.

“We consider them a strategic competitor. They are taking actions in the South China Sea. They’re conducting espionage and influence operations here in the United States,” he said.

The Marriott hacking allegation came amid heightened tensions between Beijing and Washington that encompasses geopolitics, trade, technology rivalry and espionage.

Last week Canada arrested an executive of Huawei, China’s leading telecommunications company, at the request of the United States, which plans to charge her with fraud charges related to sanctions-breaking business dealings with Iran.

China has responded in kind, detaining a former Canadian diplomat, Michael Kovrig, who is now a China expert at the International Crisis Group security consultancy.

In addition, Washington is expected this week to unveil new charges against Chinese military and intelligence hackers as it seeks to counter what is seen as a broad-based, sustained cyber threat against US government and corporate targets from Beijing.

– Data on 500 million customers –

The Marriott hackers, who stole detailed data on some 500 million customers of the world’s largest hotel company, are believed to have been working for China’s Ministry of State Security.

Washington sees them as part of an espionage effort that has targeted health insurers and the US civil service employment database.

Marriott revealed on November 30 that cyber-thieves had been in the systems of its Starwood brand since 2014, which Marriott took over two years later.

It uncovered the breach in September and the Federal Bureau of Investigation is understood to be investigating the matter.

In the past week Marriott has sent out emails to customers who had used its systems alerting them that their data may have been stolen.

“For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences,” the company said.

“For some, the information also includes payment card numbers and payment card expiration dates,” it said.

The company said that the credit card data was protected by two decryption components, but added: “At this point, Marriott has not been able to rule out the possibility that both were taken.”

Separately, a new report from computer security company McAfee said their researchers had uncovered a new global effort by hackers to infiltrate the computer systems of nuclear, defense, energy and financial companies.

“In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States,” the company said.

It said initial indications were that the hackers were North Korean, but also suggested the possibility that the identifiers in the malware that pointed to Pyongyang may have been a “false flag” to distract researchers from the true source.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.