Hackers infiltrated the European Union’s diplomatic communications network for years, downloading thousands of cables that reveal concerns about an unpredictable Trump administration and struggles to deal with Russia and China and the risk that Iran would revive its nuclear program.
In one cable, European diplomats described a meeting between President Trump and President Vladimir V. Putin of Russia in Helsinki, Finland, as “successful (at least for Putin).”
Another cable, written after a July 16 meeting, relayed a detailed report and analysis of a discussion between European officials and President Xi Jinping of China, who was quoted comparing Mr. Trump’s “bullying” of Beijing to a “no-rules freestyle boxing match.”
The techniques that the hackers deployed over a three-year period resembled those long used by an elite unit of China’s People’s Liberation Army. The cables were copied from the secure network and posted to an open internet site that the hackers set up in the course of their attack, according to Area 1, the firm that discovered the breach.
Unlike WikiLeaks in 2010 or the Russian hack of the Democratic National Committee and other Democratic Party leaders in 2016, the cyberattack on the European Union made no effort to publish the stolen material. Instead, it was a matter of pure espionage, said one former senior intelligence official familiar with the issue who spoke on the condition of anonymity.
It also displayed the remarkably poor protection of routine exchanges among European Union officials after years of embarrassing government leaks around the world.
In this case, the cables were exposed after a run-of-the-mill phishing campaign aimed at diplomats in Cyprus pierced the island nation’s systems, said Oren Falkowitz, the chief executive of Area 1.
“People talk about sophisticated hackers, but there was nothing really sophisticated about this,” Mr. Falkowitz said. After getting into the Cyprus system, the hackers had access to passwords that were needed to connect to the European Union’s entire database of exchanges.
Area 1’s investigators said they believed the hackers worked for the Strategic Support Force of the People’s Liberation Army, part of an organization that emerged from the Chinese signals intelligence agency that was once called 3PLA.
“After over a decade of experience countering Chinese cyberoperations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government,” said Blake Darche, one of the Area 1’s experts.
The Chinese Embassy in Washington did not return calls for comment on Tuesday.
After burrowing into the European network, called COREU (or Courtesy), the hackers had the run of communications linking the European Union’s 28 countries, on topics ranging from trade and tariffs to terrorism to summaries of summit meetings, from the vital to the insignificant.