What appears to be a China-sponsored cyber espionage campaign, which has been operating in the Asia-Pacific region “since at least 2005”, has been uncovered.
A new report released by FireEye on Sunday (APT30 and the Mechanics of a Long-Running Cyber Espionage Operation) examines malware incidents across the APAC region over the last decade, and concludes that they were all the work of one group, which it calls ‘APT30’.
APT30’s “sustained, planned development effort, coupled with [its] regional targets and mission” bears all the hallmarks of a state-sponsored campaign — “most likely by the Chinese government.”
The report notes that “[the] group’s primary goal appears to be sensitive information theft for government espionage” and that “their social engineering efforts suggest the group is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy.”
One interesting feature of the campaign is that the group demonstrably had a long-term mission. FireEye notes that there seems to have been “little need” for the group to “significantly change [its] modus operandi” over the last ten years: malware, backdoors, and tools used by APT30 – including BACKSPACE, NETEAGLE, SHIPSHAPE, SPACESHIP, and FLASHFLOOD – were built following a “coherent development plan”, and have been regularly updated and refined according to a “modularized development framework”. There is even a built-in “version check that allows the malware to update to the latest copy”.
Chinese cyber crime
China has been at loggerheads with the West over cybersecurity for some time.
- Last month, President Obama criticized proposed Chinese technology regulations, which would require developers to hand over source code to the Chinese government and build backdoors into hardware and software.
- An APWG report released last December found that China was to blame for 85% of fake websites used in phishing scams.
- Last year, a report into cyber attacks on US military contractors found that about 50 cyber attacks – 20 of which were advanced persistent threats (APTs) – could be traced back to China.
These incidents are only the tip of the iceberg. For more information on Chinese state-sponsored cyberwarfare, read 21st Century Chinese Cyberwarfare, which examines the issue in depth. Order your copy today.