'Chinese hackers' were sniffing SE Asian drawers for YEARS

Nefarious, gov-sponsored, secret-grabbing life begins APT 30

Security researchers have exposed a decade-long cyber-spying campaign that targeted south-east Asia and India since 2004.

The so-called APT 30 hackers are likely to be agents of the Chinese government, according to network security company FireEye.

APT 30's primary goal appears to be the theft of sensitive information for government espionage purposes. Its malware includes the ability to steal information (such as specific file types), including the ability to infect removable drives, a tactic that offers the potential to hack computers not connected to the internet for security reasons.

The group is particularly interested in regional political, military, and economic issues, disputed territories, and media organisations and journalists reporting on topics pertaining to China. The vast majority of APT 30’s victims are in Southeast Asia, including in Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines, Indonesia and others.

Based on an analysis of 200 malware samples linked to the group, FireEye concluded its malware has "a structured and organised workflow", and a "coherent development approach". What it describes is a factory for mass producing and refining trojans and spyware that's probably geared towards supplying the Chinese government with intelligence.

Unusually, APT 30’s attack tools, tactics and procedures (TTPs) have remained largely unchanged for years. This may indicate that APT 30 has been consistently successful in compromising targets, demonstrating the need for better detection capabilities. The campaign shows that state-sponsored data theft is a global problem, FireEye concludes.

FireEye's intel report on APT 30 can be found here (PDF). Its main conclusions are summarised in a blog post here. ®




Biting the hand that feeds IT © 1998–2018