PH likely target of cyber spying campaign?

Chris Schnabel
Cyber security firm FireEye says an advanced persistent threat group is likely linked to the Chinese government and targets governments, firms, and journalists in Southeast Asia

MANILA, Philippines – A cyber espionage campaign targeting governments, businesses, and journalists across Southeast Asia, has been ongoing, undetected for at least a decade. 

FireEye Incorporated, a NASDAQ listed leading cyber security firm, detailed this threat in a briefing on its latest intelligence report entitled, “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation,” held in Manila on Tuesday, May 19.

The report provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group that the firm said is “likely sponsored by the Chinese government.”

“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and organizations in the Philippines and Southeast Asia,” said Wias Issa, senior director at FireEye.

Issa added that the group maintains operations on a large scale and is advanced to the point that they have been known to break into even air-gapped computers or those that are not connected to the Internet.

How APT 30 works

VIGILANT. FireEye Senior Director Wias Issa explains the techniques Advanced Persistent Threat (APT 30) group uses and the threat it poses. Photo by Chris Schnabel / Rappler

Conducting cyber espionage since at least 2005, APT 30 is one of the longest operating APT groups that FireEye tracks.

The group has maintained largely consistent targeting in Southeast Asia and India, the report stated.

From July to December 2014, FireEye products detected malware (malicious software) used by APT groups and other actors targeting the networks of 29% of its customers in Southeast Asia.

The report further states that their targets possess information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian political, economic, and military issues.

Issa added that journalists that have been covering disputed territories, human rights issues, and discussions related to the legitimacy of the Chinese Communist Party have also been targeted.

APT30 appears to focus not on stealing businesses’ valuable intellectual property or technologies, but on acquiring sensitive data about the immediate Southeast Asian region, where they pursue targets that pose a potential threat to the influence of the Chinese Communist Party, the report stated.

Issa also revealed that FireEye reverse engineering of APT malware revealed that the interface used by hackers was built using the Chinese language and identified users by their QQ nicknames.

QQ is a popular instant messaging and micro-blogging platform in China.

Philippines as target?

FireEye has confirmed that the group has targeted organizations in Malaysia, Thailand, and Vietnam.

The Philippines is on the list of countries that FireEye thinks APT30 has likely targeted but cannot confirm. The list also includes other Association of Southeast Asian Nations (ASEAN) like Brunei, Cambodia, Indonesia, Laos, Myanmar, and Singapore.

It appears that some of the 200 samples of APT 30 malware included in the investigation targeted organizations in the Philippines, the report read.

Aside from the ongoing South China Sea territorial dispute with China, another reason the group may target organizations in the Philippines is because of the burgeoning business process outsourcing (BPO) industry.

A lot of BPO firms in the country process data from multinational corporations that are frequent targets of groups like APT30, as well as other cyber criminals intent on economic gain, said Eric Hoh, FireEye president for Asia-Pacific and Japan.

Multinationals may spend millions of dollars on cyber security for their main systems, but the call centers who process their data do not have that kind of sophistication and it may be another way for hackers to attack their multinational clients, Hoh explained.

Since the global publishing of the report in April of this year, no confirmed attacks have been carried out by APT30, although FireEye expects them to resurface soon as that is the general pattern, Issa said.

Countries have been spying on each other for hundreds of years, this is just taking it into the cyber arena, he added. – Rappler.com

 

Lock on digital screen” image by Shutterstock