China accused of decade-long cyber espionage campaign

What appears to be a China-sponsored cyber espionage campaign, which has been operating in the Asia-Pacific region “since at least 2005”, has been uncovered.

A new report released by FireEye on Sunday (APT30 and the Mechanics of a Long-Running Cyber Espionage Operation) examines malware incidents across the APAC region over the last decade, and concludes that they were all the work of one group, which it calls ‘APT30’.

APT30’s “sustained, planned development effort, coupled with [its] regional targets and mission” bears all the hallmarks of a state-sponsored campaign — “most likely by the Chinese government.”

The report notes that “[the] group’s primary goal appears to be sensitive information theft for government espionage” and that “their social engineering efforts suggest the group is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy.”

Long-term mission

One interesting feature of the campaign is that the group demonstrably had a long-term mission. FireEye notes that there seems to have been “little need” for the group to “significantly change [its] modus operandi” over the last ten years: malware, backdoors, and tools used by APT30 – including BACKSPACE, NETEAGLE, SHIPSHAPE, SPACESHIP, and FLASHFLOOD – were built following a “coherent development plan”, and have been regularly updated and refined according to a “modularized development framework”. There is even a built-in “version check that allows the malware to update to the latest copy”.

Chinese cyber crime

China has been at loggerheads with the West over cybersecurity for some time.

These incidents are only the tip of the iceberg. For more information on Chinese state-sponsored cyberwarfare, read 21st Century Chinese Cyberwarfare, which examines the issue in depth. Order your copy today >>