Today, the U.S. network security company FireEye Inc. published a new report highlighting the cyber espionage activities of a sophisticated hacker group, labelled APT30 (Advanced Persistent Threat), which has been attacking critical information infrastructure in Southeast Asia and India for almost a decade now, and is allegedly connected to Chinese government entities.
The new report is part of a slowly emerging modus operandi in which cybersecurity firms are time and again trying to highlight alleged government sponsored cyberattacks in order to deter future hacks but also to gain publicity and promote their own business interests (see: “The Axiom Report: Cybersecurity and Its Impact on China-US Relations”).
The attacks of APT30 began at least a decade ago and concentrated on “Southeast Asia regional political, economic, and military issues, disputed territories, and topics related to the legitimacy of the Chinese Communist Party,” the report’s authors said.
The hackers developed more than 200 versions of malware and were even capable of intruding into highly secured air-gapped networks to steal data:
APT30 malware includes the ability to steal information (such as specific file types), including, in some cases, the ability to infect removable drives with the potential to jump air gaps. Some malware includes commands to allow it to be placed in ‘hide’ mode and to remain stealthy on the victim host, presumably for long-term persistence.
The hackers also targeted Indian organizations and specifically singled out journalists reporting “on issues traditionally considered to be focal points for the Chinese Communist Party’s sense of legitimacy, such as corruption, the economy, and human rights.”
Unlike other attacks, APT30 activities in cyberspace did not include the stealing of intellectual property or sensitive cutting-edge technologies from Indian and Southeast Asian private-sector companies, but instead focused “on acquiring sensitive data about the immediate Southeast Asia region, where they pursue targets that pose a potential threat to the influence and legitimacy of the Chinese Communist Party.”
APT30 was particularly interested in the activities of the 10-member Association of Southeast Asian Nations (ASEAN) in order to gain insights into Southeast Asian political dynamics, according to FireEye Inc. The United States recently pledged to help build ASEAN’s cyber capabilities and to foster regional cooperation among member states on cybersecurity.
The conclusion of the report’s authors is as follows:
(…) APT30 serves a government’s needs for intelligence about key government and industry entities in Southeast Asia and India (…) Such a sustained, planned development effort coupled with the (hacking) group’s regional targets and mission, lead us to believe that this activity is state-sponsored – most likely the Chinese government.
The Chinese response to the allegations so far has been predictable. Reuters quotes Chinese Foreign Ministry spokesman Hong Lei: “I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure.”