Chinese Hackers Spying on India, Nepal, Others Since 2005, Reveals IT Security Firm FireEye

FireEye, a California-based IT security firm focused on advanced cyber attacks, released its latest intelligence report, which said the Chinese government’s cyber espionage program has reached across the Himalayas to Nepal and India, and even to Vietnam in Southeast Asia.

Titled “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation”, the report on the advanced persistent threat (APT) group said hackers, most likely sponsored by the Chinese government, have been conducting cyber espionage since 2005, and that APT 30 is one of the longest-operating groups of its kind tracked by FireEye.

The group has maintained largely consistent targeting in Southeast Asia and India, including targets in Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines and Indonesia, among other countries.

In addition, APT 30’s attack tools, tactics, and procedures (TTPs) have remained markedly consistent since inception – a rare finding as most APT actors adjust their TTPs regularly to evade detection.

“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” said Dan McWhorter, VP of threat intelligence, FireEye.

“Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will help empower the region’s governments and businesses to quickly begin to detect, prevent, analyze and respond to this established threat.”

Analysis conducted on APT 30’s malware reveals a methodical approach to software development similar to that of established technology businesses – an approach that aligns closely to the various diplomatic, political, media and private-sector environments they intended to breach, said the report.

Their targets are those who might possess information useful to the Chinese government or its agencies, which are looking for intelligence about key Asian and Southeast Asian countries in view of their long-pending border disputes and the South China Sea controversy.

Bryce Boland of FireEye, co-author of the report, said the attack never stopped and is an ongoing operation against its customers, who number among the targets. China’s Cyberspace Administration, which regulates the internet, usually denies such allegations.

This is not the first time such an allegation has been made against China. In 2011, a McAfee report said a campaign called ‘Shady Rat’ that attacked Asian establishments forced the ASEAN nations to build cyberdefences. Singapore’s civil servants encountered such attacks in 2004.

Boland said, “Without being able to detect it, there’s no way these agencies can work out what the impacts are. They don’t know what has been stolen.”
