Chinese hacker group among first to target networks isolated from Internet

13 Apr 2015

Chinese hackers spying on Malaysia and other Southeast Asian countries, report says.

A Chinese state-backed hacking group has been stealing information from foreign governments, companies and journalists for more than a decade without being detected, according to a report by the US cyber-security company FireEye. The report says the group has been running a cyber-espionage operation against Malaysia and other Southeast Asian countries for at least ten years, and that China's government is probably behind the same group's long-running spying on Indian companies and officials. FireEye says the group has even managed to carry out sophisticated attacks on networks that are not connected to the internet.

Now, a team of researchers accuses the country—or at least residents of it—of conducting cyber espionage and attack operations for the last decade. The group, dubbed “APT30” in a report published by FireEye on April 13, primarily targets businesses, governments and military organisations in India and in the member states of ASEAN (the Association of Southeast Asian Nations).

FireEye’s chief technology officer Bryce Boland said he believes China is behind APT30, saying it had stolen information “about journalists, dissidents and political developments in relation to China targeting government and military organisations, and targeting economic sectors of interest to China’s economy”. FireEye further said the hackers have targeted ASEAN nations, of which Malaysia is the current chair, around the time of official ASEAN meetings to glean insight into the region’s politics and economics. “With activity spanning more than ten years, APT30 is one of the longest operating threat groups that we have encountered and one of the few with a distinct regional targeting preference,” the report said. “Some of their tools’ capabilities, most notably the ability to infect air-gapped networks, suggest both a level of planning and interest in particularly sensitive data, such as that housed on government networks,” it added. Mr Boland told the Financial Times: “That shows the sophistication in targeting the more sensitive government networks, and particularly military and non-internet-connected networks.”

The Diplomat, a current-affairs magazine for the Asia-Pacific region, said last month that Malaysia has taken a “playing it safe” approach on the South China Sea issue amid China’s increasing assertiveness in recent years. FireEye’s attribution rests on its own research, but the researchers point in particular to operating manuals and a code base for the attacks that were developed in China. The “APT” in the group’s name stands for “advanced persistent threat”. The report suggests the operations were carried out to acquire military, economic and political information about the targeted countries. Some of the malware includes commands that place it in a ‘hide’ mode so that it stays stealthy on the victim host, presumably for long-term persistence. In the report’s words: “Our analysis of APT30 illuminates how a group can persistently compromise entities across an entire region and subcontinent, unabated, with little to no need to significantly change their modus operandi.”

Using malware FireEye nicknamed Backspace and Neteagle, and related tools it dubbed Shipshape, Spaceship and Flashflood, APT30 gains access to files on the political, military and economic affairs of various countries. “We have observed APT30 target national governments, regionally based companies in ten industries, and members of the media who report on regional affairs and Chinese government issues,” FireEye said. The report adds: “Based on our malware research, we are able to assess how the team behind APT30 works: they prioritize their targets, most likely work in shifts in a collaborative environment, and build malware from a coherent development plan.”

FireEye notes that the operations appear to have been aimed at “sensitive information theft for government espionage”, but that alone is not enough to lay the blame at the Chinese government’s feet. [FireEye via TechCrunch via The Verge]
