A sophisticated hacking group targeted governments and corporations in Southeast Asia for a decade, marking one of the longest-running and most efficient campaigns unveiled, according to security company FireEye Inc.
Named APT30, the group increased hacking activity ahead of regional diplomatic meetings and also targeted at least 15 companies in communications, technology, finance and aviation, the U.S. cybersecurity provider said. Parts of India’s military were also targeted, it said.
FireEye, whose Mandiant division identified a sophisticated Chinese military hacking unit before the U.S. issued indictments against members of that group, said it didn’t have the evidence to prove China’s connection to APT30. Software code and language are among the indicators that the software used to manage the attacks was developed in China, FireEye said.
“Given the types of targets as well as how the victims were targeted and who the targets were, what was being sought was clearly relevant to Chinese national interests,” Bryce Boland, chief technology officer for Asia-Pacific at FireEye, said in an interview. “All indications point to the Chinese government, I just don’t have a smoking gun.”
Since at least 2005, APT30 distributed malicious software, known as malware, that then gave hackers access to computers among countries in the Association of Southeast Asian Nations and India, FireEye said in a report released today.
Cyber Victim
China’s foreign ministry, defense ministry and Internet regulator have repeatedly denied that the nation is behind any cyber attacks. Hua Chunying, a foreign ministry spokeswoman, told reporters on March 30 that the country is “one of the major victims” of cyber attacks.
China’s Cyberspace Administration Office didn’t immediately respond to faxed questions about the FireEye report.
According to University of Toronto researchers, China has begun using an “offensive system” able to disrupt access to websites outside its borders.
The deployment of this system represents a “significant escalation in state-level information control,” the university’s Citizen Lab said in a report posted to its website Friday. This system, dubbed the “Great Cannon,” was used in recent attacks on GitHub Inc. and servers used by GreatFire.org, according to the university’s report.
Software Package
APT30 used a package of software, named Backspace and Neteagle, and related tools called Shipshape, Spaceship and Flashflood, to go after files from targets involved in political, military, and economic affairs, according to the FireEye report. Media organizations and journalists were also targeted, it said.
Targeting of computers not directly connected to the Internet -- known as air-gapped networks -- showed the hackers were seeking the most-sensitive types of information and knew how to exploit USB thumb drives to steal files, Boland said. Its targeting of air-gapped systems since 2005 is one of the earliest observed examples of such a strategy, FireEye said.
“The attacks against the high-tech sector were quite focused on gaining access to schematics and design information for products,” Boland said, declining to name specific targets.
By sending e-mails that appeared to come from legitimate correspondents, including letters written fluently in local languages such as Thai, the hackers were able to trick targets into opening infected documents that installed malware.
Spear Phishing
In one instance, hackers sent an e-mail purporting to come from a trusted source -- known as spear phishing -- to more than 50 journalists with a subject line containing the phrase “China MFA Press Briefing,” FireEye said. MFA is an abbreviation for the Ministry of Foreign Affairs.
FireEye identified seven countries as confirmed targets, including India and the U.S. A further 10 nations were classified as “likely” targets.
The APT30 group used spear phishing techniques to seek information on military relations between China and India and contested regions, FireEye said.
Orderly updates of the malware and the keeping of detailed records of software versions indicate a large, efficient and tightly run group, FireEye said.
“We have observed APT30 target national governments, regionally-based companies in 10 industries, and members of the media who report on regional affairs and Chinese government issues,” FireEye said. “The group expresses a distinct interest in organizations and governments associated with ASEAN, particularly so around the time of official ASEAN meetings.”
APT30 released customized variants of its malware to coincide with ASEAN meetings in Jakarta, Phnom Penh and New Delhi, according to the report.
Bloomberg
Mon Apr 13 2015
A sophisticated hacking group targeted governments and corporations in Southeast Asia for a decade, a security company said.