
China hacks into governments, corporations, and journalists

China’s aggressive military actions against its neighbors have been the subject of discussion. Less publicized have been its extensive and hostile cyberespionage actions against those same nations and others. A report just released by FireEye, Inc. analyzes the issue:

“When our Singapore-based FireEye Labs team examined malware aimed predominantly at entities in Southeast Asia and India, we suspected that we were peering into a regionally focused cyber espionage operation. The malware revealed a decade-long operation focused on targets—government and commercial—who hold key political, economic, and military information about the region.

“This group, who we call APT30, stands out not only for their sustained activity and regional focus, but also for their continued success despite maintaining relatively consistent tools, tactics, and infrastructure since at least 2005. In essence, our analysis of APT30 illuminates how a group can persistently compromise entities across an entire region and subcontinent, unabated, with little to no need to significantly change their modus operandi.

“Based on our malware research, we are able to assess how the team behind APT30 works: they prioritize their targets, most likely work in shifts in a collaborative environment, and build malware from a coherent development plan. Their missions focus on acquiring sensitive data from a variety of targets, which possibly include classified government networks and other networks inaccessible from a standard Internet connection. While APT30 is certainly not the only group to build functionality to infect air-gapped networks into their operations, they appear to have made this a consideration at the very beginning of their development efforts in 2005, significantly earlier than many other advanced groups we track. Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state sponsored—most likely by the Chinese government.

“APT30 predominantly targets entities that may satisfy governmental intelligence collection requirements. The vast majority of APT30’s victims are in Southeast Asia. Much of their social engineering efforts suggest the group is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy…

“APT30’s operations epitomize a focused, persistent, and well-resourced threat group. They appear to consider both the timing of their operations and prioritize their targets. Some of their tools’ capabilities, most notably the ability to infect air gapped networks, suggest both a level of planning and interest in particularly sensitive data, such as that housed on government networks. The group’s method for selecting and tracking victims suggests a high level of coordination and organization among the group’s operators. With activity spanning more than ten years, APT30 is one of the longest operating threat groups that we have encountered and one of the few with a distinct regional targeting preference. Our research into APT30 demonstrates what many already suspected: threat actors rely on cyber capabilities to gather information about their immediate neighborhood, as well as on a larger, global scale. APT30 appears to focus not on stealing businesses’ valuable intellectual property or cutting-edge technologies, but on acquiring sensitive data about the immediate Southeast Asia region, where they pursue targets that pose a potential threat to the influence and legitimacy of the Chinese Communist Party. In exposing APT30, we hope to increase organizations’ awareness of threats and ability to defend themselves. APT30’s targeting interests underscore the need for organizations across the region to defend the information assets valuable to determined threat actors.”
Nations targeted include the United States, India, South Korea, Malaysia, Vietnam, Thailand, Saudi Arabia, Nepal, Bhutan, Philippines, Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, and Japan.

It’s not just governments and corporations that are the targets.

“In addition to APT30’s Southeast Asia and India focus, we’ve observed APT30 target journalists reporting on issues traditionally considered to be focal points for the Chinese Communist Party’s sense of legitimacy, such as corruption, the economy, and human rights. In China, the Communist Party has the ultimate authority over the government. China-based threat groups have targeted journalists before; we believe they often do so to get a better understanding on developing stories to anticipate unfavorable coverage and better position themselves to shape public messaging.

“APT30’s attempts to compromise journalists and media outlets could also be used to punish outlets that do not provide favorable coverage – for example, both the New York Times and Bloomberg have had trouble securing visas for journalists in wake of unfavorable corruption reporting. Beyond targeting, we also saw summaries of media events or reporting in decoy documents, particularly around press releases related to government or military updates. It appears that APT30 could plausibly be targeting press attachés in order to obtain access to their contacts, which would presumably include the contact information of other public affairs personnel or other journalists of interest to target. Targeting press attachés would enable APT30 to target journalists from a trusted source, which would be an excellent resource for spear phishing.”