Hong Kong Hacked

Two Hong Hong government agencies have come under attack from cyber-spies originating in China in the month leading up to the recent legislative elections, according to a US cybersecurity firm.

On at least three occasions in early August, the China-based group APT 3 targeted the organizations with “spear-phishing” attacks, in which e-mails with malicious links and attachments containing malware are used to access computer networks, said John Watters, president of iSIGHT, a unit of FireEye Inc. He said the hacks were “certainly” politically motivated, based on their targets.

Watters declined to say what agencies were attacked because his firm seeks to identify attackers, not shine a spotlight on the victims. It wasn’t possible to confirm whether APT 3 was linked to any Chinese government organization, he said, adding that the Hong Kong authorities had been informed of the incidents.

The Hong Kong’s government office for information confirmed it had been informed about the hacks. “Relevant security measures had already been put in place to block the suspicious e-mails,” it said in a statement. “So far, there is no security incident report from the two concerned departments.”

Legislative Elections

While Hong Kong was returned to China in 1997, the former British colony was guaranteed a “high degree of autonomy” for at least 50 years under a deal with the UK Beijing’s influence over the financial hub has been a key campaign issue in Sunday’s elections, in which voters will select lawmakers for the city’s 70-seat Legislative Council.

“What it appears to be is an opportunity to gain information without having the transparency of having to make a request,” Watters said. “If you want to know what someone’s thinking, would you rather read their diary or hear their prepared remarks?”

It wasn’t possible to verify what information, if any, had been stolen, Watters said. The Hong Kong and Macau Affairs Office of the State Council in Beijing didn’t immediately respond to faxed questions about the incident.

Hacking Attacks

Incidents of US hacking by China-based groups have fallen since President Xi Jinping’s visited the US last September and reached a cybersecurity deal, according to FireEye. Some of those hacking groups have refocused their energies on Asian targets amid an increase in regional tensions. Vietnam in particular has come under attack with malicious code disguised as antivirus software found lurking in everything from government offices to banks, companies and universities.

FireEye linked the Hong Kong spear-phishing attack to a Watters said his firm has tracked the group since 2011, over which time it has been blamed for hacking companies in industries from telecommunications to agriculture, in countries including Germany, Italy and the US APT 3 is among the top hackers based on sophistication and constant updates of tools it uses to access networks, he said.

Mandiant, another unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers and helps them access broader networks. ISIGHT tracks malware globally, and traced its presence to the networks of the Hong Kong government agencies, Watters said.

The subject of one of the e-mails used in the attacks in Hong Kong was a report on election results with a hyperlink to what the reader would assume was the report itself, Watters said. The hyperlink leads to a compromised sub-domain that contains the malware.

Information-Management:

 

« Cybercrime & Cyberwar: A Spotter's Guide
IBM’s Watson Takes Aim At CyberSecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.