China accused of cyber-espionage campaign

Cyber security company FireEye has shared details of a decade-long advanced persistent threat (APT) campaign targeting governments, journalists and companies across South East Asia and India.

FireEye believes the cyber gang, dubbed APT 30, is backed by the Chinese government, an accusation that was denied yesterday by Beijing.

“I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts,” Reuters quoted foreign ministry spokesman Hong Lei as saying. “This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with co-operatively rather than via mutual censure.”

FireEye’s report, “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation”, said that APT 30 had not altered its tools, tactics, and procedures (TTPs) since it began operating in 2005, which is a rare approach from cyber-bandits, who commonly switch procedures to evade detection.

FireEye’s analysis of the malware created by the group “reveals a methodical approach to software development, similar to that of established technology businesses”, according to the company. FirEye also noted that APT 30’s methodology “aligns closely” with the infrastructure of their targets.

FireEye speculates that the data gathered from the attacker’s targets is likely “intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party”.

“Advanced threat groups like APT 30 show that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” said Dan McWhorter, VP of threat intelligence, FireEye.

“Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will empower the region’s governments and businesses to quickly begin to detect, prevent, analyze and respond to this established threat.”