China Accused of Decade-Long Cyber-Spying Campaign

The Chinese government has been systematically penetrating computer systems in Southeast Asia for the last 10 years, according to a report released Monday by the digital security firm FireEye. The report details a decade's worth of digital infiltration aimed at political, economic and military computer systems throughout the region.

The "APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation" report dubbed the group APT 30, for "advanced persistent threat." The group is one of the longest-running threats it has tracked, FireEye said. APT 30 has focused primarily on spying on networks in Southeast Asia and India, including targets in Malaysia, Vietnam, Thailand, Nepal, Singapore, the Philippines and Indonesia, among other countries.

Consistent Modus Operandi

APT 30's attack tools, tactics, and procedures (TTPs) have remained remarkably consistent since it began operating. Typically, advanced persistent threats regularly modify their TTPs to escape detection. The report indicates that APT 30 demonstrates highly sophisticated digital intrusion behavior, including prioritizing its targets, working in shifts, and building malware tools within a coherent development plan.

The group seems focused on acquiring sensitive data from a variety of targets, potentially including classified government networks. "Such a sustained, planned development effort, coupled with the group's regional targets and mission, lead us to believe that this activity is state sponsored -- most likely by the Chinese government," FireEye wrote in its report.

The report's findings indicate that APT 30 has developed a set of integrated digital intrusion tools over the course of its history, including downloaders, backdoors, a central controller, and several components designed to infect removable drives. The developers behind APT 30, meanwhile, exhibit sophisticated software design practices, such as systematic version labeling of their malware. The malware is even capable of checking for updated versions of itself.

While other cyber-threat groups typically...
