A sophisticated hacking group targeted governments and corporations in Southeast Asia for a decade, marking one of the longest-running and most efficient campaigns unveiled, according to security company FireEye Inc.
Named APT30, the group increased hacking activity ahead of regional diplomatic meetings and also targeted at least 15 companies in communications, technology, finance and aviation, the U.S. cybersecurity provider said. Parts of India’s military were also targeted, it said.
FireEye, whose Mandiant division identified a sophisticated Chinese military hacking unit before the U.S. issued indictments against members of that group, said it didn’t have the evidence to prove China’s connection to APT30. Software code and language are among the indicators that the software used to manage the attacks was developed in China, FireEye said.
“Given the types of targets as well as how the victims were targeted and who the targets were, what was being sought was clearly relevant to Chinese national interests,” Bryce Boland, chief technology officer for Asia-Pacific at FireEye, said in an interview. “All indications point to the Chinese government, I just don’t have a smoking gun.”
Since at least 2005, APT30 distributed malicious software, known as malware, that gave hackers access to computers in countries belonging to the Association of Southeast Asian Nations and in India, FireEye said in a report released today.
Cyber Victim
China’s foreign ministry, defense ministry and Internet regulator have repeatedly denied that the nation is behind any cyber attacks. Hua Chunying, a foreign ministry spokeswoman, told reporters on March 30 that the country is “one of the major victims” of cyber attacks.
China’s Cyberspace Administration Office didn’t immediately respond to faxed questions about the FireEye report.
According to University of Toronto researchers, China has begun using an “offensive system” able to disrupt access to websites outside its borders.
The deployment of this system represents a “significant escalation in state-level information control,” the university’s Citizen Lab said in a report posted to its website Friday. This system, dubbed the “Great Cannon,” was used in recent attacks on GitHub Inc. and servers used by GreatFire.org, according to the university’s report.
Software Package
APT30 used a package of software, named Backspace and Neteagle, and related tools called Shipshape, Spaceship and Flashflood, to go after files from targets involved in political, military and economic affairs, according to the FireEye report. Media organizations and journalists were also targeted, it said.
Targeting of computers not directly connected to the Internet -- known as air-gapped networks -- showed the hackers were seeking the most sensitive types of information and knew how to exploit USB thumb drives to steal files, Boland said. The group’s targeting of air-gapped systems since 2005 is one of the earliest observed examples of such a strategy, FireEye said.
“The attacks against the high-tech sector were quite focused on gaining access to schematics and design information for products,” Boland said, declining to name specific targets.
By sending e-mails that appeared to come from legitimate correspondents, including letters written fluently in local languages such as Thai, the hackers were able to trick targets into opening infected documents that installed malware.
Spear Phishing
In one instance, hackers sent an e-mail purporting to come from a trusted source -- known as spear phishing -- to more than 50 journalists with a subject line containing the phrase “China MFA Press Briefing,” FireEye said. MFA is an abbreviation for the Ministry of Foreign Affairs.
FireEye identified seven countries as confirmed targets, including India and the U.S. A further 10 nations were classified as “likely” targets.
The APT30 group used spear phishing techniques to seek information on military relations between China and India and contested regions, FireEye said.
Orderly updates of the malware and the keeping of detailed records of software versions indicate a large, efficient and tightly run group, FireEye said.
“We have observed APT30 target national governments, regionally-based companies in 10 industries, and members of the media who report on regional affairs and Chinese government issues,” FireEye said. “The group expresses a distinct interest in organizations and governments associated with ASEAN, particularly so around the time of official ASEAN meetings.”
APT30 released customized variants of its malware to coincide with ASEAN meetings in Jakarta, Phnom Penh and New Delhi, according to the report.
Bloomberg
Mon Apr 13 2015