Chinese government behind 10-year cyberattack on Southeast Asia, research claims
Mon 13 Apr 2015
Hackers, thought to be acting on behalf of the Chinese government, have been conducting a decade-long cyber espionage operation on governments and businesses in Southeast Asia and India, according to research published by internet security firm FireEye.
The company released information today suggesting that the spying campaign dates back to at least 2005 and that it focuses on “targets – government and commercial – who hold key political, economic and military information about the region.”
“Such a sustained, planned development effort coupled with the group’s regional targets and mission leads us to believe that this activity is state-sponsored – most likely the Chinese government,” said FireEye.
Bryce Boland, FireEye’s CTO for the Asia Pacific region and co-author of the report, said that the cyberattack was still ongoing, confirming that the servers used by the hackers were still in operation. The security company also noted that many of its customers were among the targets of the attack.
China continues to deny that it uses online espionage operations to spy on foreign governments and organisations. Neither the Foreign Ministry nor the internet regulator Cyberspace Administration of China has responded to the claims made in the FireEye report.
The current accusations describe a campaign that is larger in scale and longer in duration than similar operations originating from China, said Boland. He continued to describe the group as including two software developers but did not add any detail about the alleged size of the group.
Boland also noted that because the cyberattack remained undetected for so long, the hackers were able to re-use techniques and malware dating back to 2005. The group not only targeted governments but also large-scale organisations, journalists reporting on China, and the energy, transport and telecommunications industries.
It is thought that the attackers used email phishing campaigns to gain access to secure networks. Boland said that at this early stage of detection it was not possible to understand the real extent of the damage caused by the attacks, but argued that this could be “massive.”
“Without being able to detect it, there’s no way these agencies can work out what the impacts are. They don’t know what has been stolen.”