China accused of 10-year cyber crime campaign

Were attacks across Southeast Asia sponsored by the Chinese government?

China stands accused of conducting a decade-long cyber warfare campaign against governments and companies in Southeast Asia and India.

The allegations come from security organisation FireEye, which claims the attacks date back to at least 2005, linking the perpetrators - dubbed APT30 - to China.

FireEye's report, APT30 and the Mechanics of a Long-running Cyber Espionage Operation, identified the targets as government and commercial entities holding "key political, economic and military information about the region".


It read: "This activity is state sponsored, most likely by the Chinese government. The group expresses a distinct interest in organizations and governments associated with the Association of Southeast Asian Nations (ASEAN).

"APT30 is most likely trying to compromise ASEAN members or associates to steal information that would provide insight into the region's politics and economics."

The report also found that the group was highly sophisticated, using self-updating, systematically labelled and organised malware, adding that the developers supporting the malware attacks work as part of a "collaborative team environment".

Through examining the malware's controller software, it is evident that the attackers have been selecting specific, high-priority targets as part of a "consistent long-term mission".

This mission would appear to be the interception and theft of classified data, indicated by the group's ability to infect 'air-gapped' networks, servers that have been isolated or taken offline for security reasons.


All of this information indicates a motivation very different from that of most hackers.


The majority of malicious network intrusions are done with a view to stealing directly profitable information such as credit card or banking credentials, or ransomable corporate secrets. They also often use smash-and-grab tactics to gain the maximum amount of data possible, sifting through it after the fact.

APT30, on the other hand, uses metadata and low-profile intrusions to pre-select specific files on a target network before stealing them.

The files selected have frequently been related to major shifts in the Southeast Asian political landscape, but have also focused on journalistic outlets that have been openly critical of the Chinese government.

The operation as a whole bears many hallmarks of Chinese state sponsorship, FireEye said, claiming it appears directly aimed at "targets that pose a potential threat to the influence and legitimacy of the Chinese Communist Party".

As with the recent MitM attack against Google and the GitHub DDoS, it is unlikely that official Chinese involvement will be proved.

However, it is becoming increasingly difficult to deny that China is engaged in illegal cyberattacks against its enemies. The US's National Intelligence agency recently accused China of stealing intellectual property and exploiting networks.
