Hong Kong Hacked

Uploaded on 2016-09-08 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Two Hong Hong government agencies have come under attack from cyber-spies originating in China in the month leading up to the recent legislative elections, according to a US cybersecurity firm.

On at least three occasions in early August, the China-based group APT 3 targeted the organizations with “spear-phishing” attacks, in which e-mails with malicious links and attachments containing malware are used to access computer networks, said John Watters, president of iSIGHT, a unit of FireEye Inc. He said the hacks were “certainly” politically motivated, based on their targets.

Watters declined to say what agencies were attacked because his firm seeks to identify attackers, not shine a spotlight on the victims. It wasn’t possible to confirm whether APT 3 was linked to any Chinese government organization, he said, adding that the Hong Kong authorities had been informed of the incidents.

The Hong Kong’s government office for information confirmed it had been informed about the hacks. “Relevant security measures had already been put in place to block the suspicious e-mails,” it said in a statement. “So far, there is no security incident report from the two concerned departments.”

Legislative Elections

While Hong Kong was returned to China in 1997, the former British colony was guaranteed a “high degree of autonomy” for at least 50 years under a deal with the UK Beijing’s influence over the financial hub has been a key campaign issue in Sunday’s elections, in which voters will select lawmakers for the city’s 70-seat Legislative Council.

“What it appears to be is an opportunity to gain information without having the transparency of having to make a request,” Watters said. “If you want to know what someone’s thinking, would you rather read their diary or hear their prepared remarks?”

It wasn’t possible to verify what information, if any, had been stolen, Watters said. The Hong Kong and Macau Affairs Office of the State Council in Beijing didn’t immediately respond to faxed questions about the incident.

Hacking Attacks

Incidents of US hacking by China-based groups have fallen since President Xi Jinping’s visited the US last September and reached a cybersecurity deal, according to FireEye. Some of those hacking groups have refocused their energies on Asian targets amid an increase in regional tensions. Vietnam in particular has come under attack with malicious code disguised as antivirus software found lurking in everything from government offices to banks, companies and universities.

FireEye linked the Hong Kong spear-phishing attack to a Watters said his firm has tracked the group since 2011, over which time it has been blamed for hacking companies in industries from telecommunications to agriculture, in countries including Germany, Italy and the US APT 3 is among the top hackers based on sophistication and constant updates of tools it uses to access networks, he said.

Mandiant, another unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.

Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers and helps them access broader networks. ISIGHT tracks malware globally, and traced its presence to the networks of the Hong Kong government agencies, Watters said.

The subject of one of the e-mails used in the attacks in Hong Kong was a report on election results with a hyperlink to what the reader would assume was the report itself, Watters said. The hyperlink leads to a compromised sub-domain that contains the malware.

Information-Management:

 

« Cybercrime & Cyberwar: A Spotter's Guide
IBM’s Watson Takes Aim At CyberSecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) protects Singapore from external threats and safeguards its interests in areas related to terrorism, cyber security, other transnational threats, and geopolitics

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Adaptiva

Adaptiva

Adaptiva, the autonomous endpoint management company, delivers the fastest way to patch and manage endpoints at scale.