China’s Cyber Attacks on Governments and Corporates in Asia

Uploaded on 2015-04-16 in INTELLIGENCE--International, INTELLIGENCE-Hot Spots-China, GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

fireeye_PRWEEK_600x400-20150414050236139.png

 

The Chinese government is accused of being behind a newly discovered set of cyber attacks waged against government agencies, corporate companies and journalists across India and Southeast Asia over the past ten years.

Security firm FireEye released a report today revealing a spate of corporate espionage and cyber spying offenses against targets located in India, Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines, Indonesia and beyond. The group said attacks began in 2005.

“There’s no smoking gun that shows this is a Chinese government operation, but all signs point to China” FireEye’s APAC CTO Bryce Boland told TechCrunch in an interview. “There’s huge intellectual property development in Asia, that’s the new battleground.”

Boland referenced several pieces of evidence collected by FireEye following “months” of research. In particular, the existence of an operating manual written in Chinese, a code base that was seemingly developed by Chinese developers, and a related domain registered to a suspicious ‘tea company’ in rural China, all imply Chinese involvement.
FireEye’s report caps a rough few days of media coverage for China’s Internet strategy. China put on a (falsely) friendly front when hosted the World Internet Conference last year, but increasingly we hear about its efforts to police the web. Last week, Citizen Lab issued a report detailed Great Canon, a new technology that allows the Chinese government to take down websites — like Github.com — using a worryingly direct and offensive approach.
Of course, it is possible that the attacks highlighted by FireEye were not run directly by the state, and instead by a professional espionage agency, which may have sold secrets to Chinese corporates or even the government itself. Actors are very often a few degrees removed, and concrete evidence is hard to find.

All in all, FireEye detected more than 200 distinction variations of malware developed by the group. The fact that these attacks remained undetected for so long is troubling given the sensitivity of the targets, but there is a positive. Boland explained that because the infrastructure of the attacks had been able to remain similar for years, it isn’t difficult to check on potential compromises and take action if needed.
FireEye shared its report with certain intelligence agencies worldwide in advance of making it public. Though Boland declined to be more specific about exactly which ones had been contacted, he did confirm that FireEye does not provide details of its intelligence or reports to the Chinese government.

Techcrunch

« NSA’s Plan to Snowden-Proof Data Using the Cloud
Russia's Cyber Attacks Grow More Brazen »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

Cross Identity

Cross Identity

Cross Identity (formerly Ilantus Technologies) is a complete IAM solution that is deep, comprehensive, and can be implemented even by non-IT persons.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Reposify

Reposify

Reposify’s cybersecurity solution identifies, manages and defends companies’ global digital footprints.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Kordia

Kordia

Kordia is a leading provider of mission-critical technology solutions throughout Australasia. We have the most comprehensive cyber security offering in New Zealand.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

Mindsprint

Mindsprint

Mindsprint (formerly Olam Technology and Business Services - OTBS) are a leading edge technology and business services firm.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.