Chinese sponsored hackers targeting governments in Asia with APT 30 for last 10 years

Hackers in China have been targeting governments, companies and journalists Southeast Asia, India for information on political and military issues since the last decade

A U.S. based cybersecurity company said in a report released on Monday that the state sponsored hackers in China are likely behind a adulterated cyber spying campaign targeting governments, companies and journalists in Southeast Asia, India and other countries for the last ten years.

FireEye Inc. pointed out that the attacks have been designed to collect information, likely from classified government networks and other sources, belonging to political and military issues such as disputes over the South China Sea.

Satellite images released recently indicate a major expansion in China’s construction of artificial islands on disputed reefs, thereby increasing concerns about Beijing’s territorial ambitions. Beijing claims in the disputed South China Sea overlap with those of Malaysia, Vietnam, Brunei, Taiwan and the Philippines—a U.S. treaty ally.

The Milpitas, Calif.-based FireEye said the hacking efforts stand out because some of the elements are in existence as early as in 2005 and due to their geographic focus.

The report said that some of the cyberattacks took form of specially designed emails written in the recipient’s native languages containing documents that appeared legal but contained malware.

Other cyber attacks are designed to pierce through remote networks. This is done by disconnecting the Internet for security purposes and by fooling their administrators into downloading malware on their home computers. The malware is then inserted into the administrators’ portable drives, such as USB sticks, which are later connected into the secure networks, infecting them, it said.

‘That means the governments and the organizations they’re targeting have not been able to detect them. That is truly scary.’
—Bryce Boland, FireEye’s chief technical officer for Asia-Pacific
Teams of hackers appear to work in shifts and have developed malware in a consistent fashion over the years, indicating a high level of organization, FireEye said.

“Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state sponsored most likely by the Chinese government,” FireEye said in the report.

China’s Ministry of National Defense chose not to provide a detailed explanation and instead asked to refer to its previous public remarks when asked to comment on the issue. The allegations that China is behind cyber hacking has dismissed as baseless by them in the past. However, they said that disclosures made by former U.S. National Security Agency contractor Edward Snowden about U.S. intelligence-gathering efforts are proof that Washington is a major offender. The Cyberspace Administration of China chose not to respond on this comment.

A group of five Chinese military officers were accused by the U.S. Justice Department last year for allegedly hacking U.S. companies’ computers to steal trade secrets. This group was first publicly revealed in a 2013 report by Mandiant Corp., a computer-security firm that FireEye bought last year.

The new report says the group it describes, dubbed APT30, “has been able to operate with the same tools and the same infrastructure for nearly a decade,” Bryce Boland, FireEye’s chief technical officer for Asia-Pacific, told The Wall Street Journal.

“That means the governments and the organizations they’re targeting have not been able to detect them. That is truly scary,” he said.

FireEye pointed out that the hackers used to target countries in the 10-member Association of Southeast Asian Nations prior to regional meetings to get an understanding of the political dynamics and potential planned discussions. The above operation has been in practice since 2011.

A summit of Asean foreign ministers held in 2012 to address territorial claims in the sea were abruptly ended amid tense disagreement in Phnom Penh, Cambodia. Then Asean Secretary-General Surin Pitsuwan said the failure of the group to agree on language for a concluding communiqué, usually issued at the end of such gatherings, was “unprecedented.” However, Asean chose not to respond or comment immediately on the FireEye report.

FireEye said the hacking group in another campaign last summer directed attacks on more than 30 individuals in the defense and financial services sectors of an unnamed government. They were said to be related to a “significant political transition” taking place in a Southeast Asian nation.

The emails, made to appear as if they came from inside the government, were written in the country’s local language and referred to “foreign journalists’ reactions to the political transition,” presumably an attempt to appeal to recipients’ desires to learn about how outsiders viewed events at the time, FireEye said.

The report said that in 2012, more than 50 journalists at unnamed international media outlets were sent an email containing malware that claimed to contain the transcript of a China Ministry of Foreign Affairs press briefing. The journalists covered topics such as China’s economy, issues surrounding corruption, maritime disputes, defense and human rights issues.

Organizations in India have also been targeted, such as an unnamed Indian aerospace and defense firm and an Indian telecommunications company, FireEye said. In other hacking attempts, messages containing content related to the governmental affairs of Bhutan and Nepal, which sit between China and India have been reported.

LEAVE A REPLY

Please enter your comment!
Please enter your name here