China Has Been Spying On South-East Asian Governments For 10 Years, Report Claims
China, via a government-sponsored group APT30, has been spying on South-East Asian governments and commercial entities for the last decade, claims a new report.
The FireEye intelligence claims that the group has been maintaining an advanced persistent threat operation.
APT30 has focused on targeting government and commercial entities, as well as media organizations and journalists that hold key political, economic, and military information, mainly in South-East Asia, relevant to the Chinese government, ZD Net reported.
FireEye claimed to have uncovered the suite of tools that APT30 used to seal data over the last 10 years that includes downloaders, backdoors, a central controller and several other components designed to infect removable drives and to seal files from air-gapped networks.
"Advanced threat group like APT30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world," said Dan McWhorter, FireEye vice president of threat intelligence.
"Given the consistency and success of APT30 in South-East Asia and India, the threat intelligence on APT30 we are sharing will help empower the region's governments and businesses to quickly begin to detect, prevent, analyze, and respond to this established threat."
FireEye APAC chief technology officer Bryce Boland issued a warning through a blog post that organizations, particularly in Asia, need to prioritize security to avoid falling victim to online crimes.
"As APAC CTO for FireEye, I regularly find that organizations in Asia feel they are not likely to be a target of advanced cyberthreat. In fact, advanced attackers, aware of the complacency, are exploiting it," he said. "The reality is that groups like APT30 are actively and successfully stealing sensitive information across the region, and this region has some of the highest levels of targeted attacks that we see across the world.
"This group has been able to operate successfully and remain undetected for many years, and has not even had to change their attack infrastructure -- a clear sign that their victims don't realise this is happening."
