Hackers with ties to Beijing spent the past 10 years targeting governments
April 13, 2015
A group of hackers with suspected ties to China has spent the past ten years targeting various governments, journalists and several companies across many countries in Asia, according to cybercrime experts.
The activities of the group, dubbed APT-30, were detailed in a report published today by FireEye, a U.S.-based provider of internet security software.
FireEye said that the hackers used malicious software to access several computers across Southeast Asia and India that "hold key political, economic, and military information about the region."
"Our analysis of APT30 clearly reveals how a dedicated group can persistently compromise entities across an entire region and subcontinent, totally unabated, with little or no need to significantly change their modus operandi," the report said.
Is China behind the attacks? Well, in 2013, security firm Mandiant convincingly linked another hacker group to the Chinese military, even identifying the unit's office in Shanghai.
The U.S. Department of Justice later indicted five of the group's officers, accusing them of violating federal laws by hacking to spy and steal government and military secrets.
Mandiant was acquired last year by FireEye. In the case of APT-30, however, there is less evidence linking Beijing directly to the group. Nevertheless, FireEye strongly suspects that China is behind the internet attacks.
"Such a sustained, planned development effort, coupled with the group's regional targets and mission, lead us to believe that this activity is state sponsored-- most likely by the Chinese government," FireEye added.
China has a long history as a nasty hacking country, and has repeatedly denied engaging in hacking, insisting that it is the victim of many cyber attacks, most originating in the United States and at times from Russia.
"The Chinese government firmly prohibits and cracks down on all forms of hacker attacks," said Hong Lei, spokesman for China's Ministry of Foreign Affairs, in response to the FireEye report.
"Our stance has been persistent and very clear-- Hacking is a global issue that requires a global response based on cooperation, instead of groundless accusations and suspicions," he added.
What the hackers wanted were forged credit card numbers: APT30 hackers were after documents that might be useful to a government seeking to influence events in Asia, but stolen credit cards are also very much in demand.
In particular, the group concentrated on political, economic and military issues in Southeast Asia, including several disputed territories.
No fewer than 10 national governments were targeted, including Thailand, South Korea, Vietnam, India and Malaysia.
APT-30 hackers have developed a standard set of tools and techniques since around 2005, allowing them to work in shifts.
The group hid malware in emails sent to unsuspecting targets. When downloaded, the malware can give hackers control of a target's computer and access to its network.
FireEye described one episode last year when APT30 attacked more than thirty targets in an Asian country that was undergoing a significant political transition.
APT30 sent fake emails that looked as if they came from an official government agency. The emails were written entirely in the target country's language, and the subject line read: "Foreign journalists' Reactions to the political transition."
In 2012, APT30 sent an email to more than fifty reporters with the subject line "China MFA Press Briefing 29 October 2012-Full Transcript."
Other tactics were more sophisticated, including methods that provided access to networks that were not connected to the Internet at that time.
In some cases, the group would seek to infect a target's home computer. If a portable storage device was connected to that computer, and later to a device within the secure network, APT30 would gain access.