Hong Kong Hacked

Two Hong Hong government agencies have come under attack from cyber-spies originating in China in the month leading up to the recent legislative elections, according to a US cybersecurity firm.

On at least three occasions in early August, the China-based group APT 3 targeted the organizations with “spear-phishing” attacks, in which e-mails with malicious links and attachments containing malware are used to access computer networks, said John Watters, president of iSIGHT, a unit of FireEye Inc. He said the hacks were “certainly” politically motivated, based on their targets.

Watters declined to say what agencies were attacked because his firm seeks to identify attackers, not shine a spotlight on the victims. It wasn’t possible to confirm whether APT 3 was linked to any Chinese government organization, he said, adding that the Hong Kong authorities had been informed of the incidents.

The Hong Kong’s government office for information confirmed it had been informed about the hacks. “Relevant security measures had already been put in place to block the suspicious e-mails,” it said in a statement. “So far, there is no security incident report from the two concerned departments.”

Legislative Elections

While Hong Kong was returned to China in 1997, the former British colony was guaranteed a “high degree of autonomy” for at least 50 years under a deal with the UK Beijing’s influence over the financial hub has been a key campaign issue in Sunday’s elections, in which voters will select lawmakers for the city’s 70-seat Legislative Council.

“What it appears to be is an opportunity to gain information without having the transparency of having to make a request,” Watters said. “If you want to know what someone’s thinking, would you rather read their diary or hear their prepared remarks?”

It wasn’t possible to verify what information, if any, had been stolen, Watters said. The Hong Kong and Macau Affairs Office of the State Council in Beijing didn’t immediately respond to faxed questions about the incident.

Hacking Attacks

Incidents of US hacking by China-based groups have fallen since President Xi Jinping’s visited the US last September and reached a cybersecurity deal, according to FireEye. Some of those hacking groups have refocused their energies on Asian targets amid an increase in regional tensions. Vietnam in particular has come under attack with malicious code disguised as antivirus software found lurking in everything from government offices to banks, companies and universities.

FireEye linked the Hong Kong spear-phishing attack to a Watters said his firm has tracked the group since 2011, over which time it has been blamed for hacking companies in industries from telecommunications to agriculture, in countries including Germany, Italy and the US APT 3 is among the top hackers based on sophistication and constant updates of tools it uses to access networks, he said.

Mandiant, another unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers and helps them access broader networks. ISIGHT tracks malware globally, and traced its presence to the networks of the Hong Kong government agencies, Watters said.

The subject of one of the e-mails used in the attacks in Hong Kong was a report on election results with a hyperlink to what the reader would assume was the report itself, Watters said. The hyperlink leads to a compromised sub-domain that contains the malware.

Information-Management:

 

« Cybercrime & Cyberwar: A Spotter's Guide
IBM’s Watson Takes Aim At CyberSecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

CyberPion

CyberPion

Cyberpion’s groundbreaking platform enables security teams to identify and neutralize threats stemming from vulnerabilities within online assets throughout an enterprise’s ecosystem.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

CyXcel

CyXcel

CyXcel is a cyber security consulting business grounded in the law which natively fuses crises, legal, technical, and consulting expertise digital networks, information and operational technology.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.