China Accused Of Running 10-Year Ring Of Cyber Espionage

A new report from security firm FireEye released yesterday (April 12) accuses the Chinese government of having involvement in a decade-long cyber espionage operation aimed at attacking government agencies, corporations and journalists in India and across Southeast Asia.

The intelligence report, titled “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation,” provides details on the group, which FireEye classifies as an advanced persistent threat (APT). The report suggests that the cyber spying efforts began as early as 2005 and that APT 30 is one of the longest-operating APT groups tracked by FireEye, according to the firm’s news release about the report. FireEye, which helped mitigate the Sony cyberattack last year, is a security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats. This specific group that FireEye has been tracking, known as APT 30, has concentrated its espionage efforts in Malaysia, Vietnam, Thailand, Nepal, Singapore, the Philippines and Indonesia, among other countries.

“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” said Dan McWhorter, VP of threat intelligence at FireEye. “Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will help empower the region’s governments and businesses to quickly begin to detect, prevent, analyze and respond to this established threat.”

FireEye’s report also suggests that the APT’s targets are chosen to obtain information that is suspected to serve the Chinese government’s need to maintain intelligence on Southeast Asian regional political, economic and military issues, disputed territories, and discussions as they relate to the Chinese Communist Party.

Although the Chinese government is named as the likely operator of the cyber espionage ring, FireEye’s APAC CTO Bryce Boland indicated that there isn’t concrete evidence the spying is coming directly from the Chinese government — though the evidence weighs heavily toward such a conclusion, he said.

“There’s no smoking gun that shows this is a Chinese government operation, but all signs point to China,” Boland told TechCrunch in an interview. “There’s huge intellectual property development in Asia — that’s the new battleground.”

The security firm’s research also suggests that APT 30’s malware reflects a “methodical approach to software development similar to that of established technology businesses,” which FireEye says resembles the approach of the very organizations the cyber espionage group intended to breach. Based on the number of malware variations created by the group, FireEye concluded that the group’s development efforts were extensive.

In another cybersecurity article published yesterday by CNET — unrelated to the above Chinese government accusations — research from security experts indicates that the massive cyberattack that hit Sony last year could happen to just about any company. In fact, the researchers cited that 90 percent of companies are vulnerable to similar attacks as a result of not being properly protected.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” stated Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker. Miller was interviewed by “60 Minutes” Sunday evening. “Not all of them are in friendly countries and the number is growing rapidly,” he added.

Miller compared the state of security breaches today to the “Wild West,” since he said there’s no sense of who’s leading the attacks and there’s little indication of who’s stepping in to protect the sensitive data of consumers, corporations and governments that are being breached. Outside of that issue, there’s also a growing number of machines and servers to protect in today’s hyper-connected world.

“The advantage goes to the offense in cyber,” Kevin Mandia, CEO of FireEye, said in the interview. While the defense must defend every computer, “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”