Singapore: A cyber espionage group most likely sponsored by China has been snooping on governments and businesses in Southeast Asia and India undetected for the last 10 years, internet security company FireEye said on Monday.
FireEye said the hackers, dubbed APT 30, have been systematically stealing “sensitive information” since 2005, targeting governments, corporations and journalists with interests involving China.
“Based on APT 30sconfirmed targets and their intended victims, the group’s interests appear to concentrate on Southeast Asia regional political, economic and military issues, disputed territories and topics related to the legitimacy of the Chinese Communist Party,” the report said.
It said the campaign differs from other hacking outfits mostly in its scale and longevity, leading researchers to believe that it must be state-sponsored.
It also said the main objective appears to be data theft as opposed to financial gain.
“Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state-sponsored — most likely by the Chinese government,” said the report released by California-based FireEye’s Asia office in Singapore.
China swiftly denied any involvement.
“The Chinese government firmly opposes hacking attacks, this position is consistent and clear,” said foreign ministry spokesman Hong Lei in Beijing.
FireEye said the cyber espionage group has consistently developed and refined its tools over the past 10 years.
Bryce Boland, FireEye’s chief technology officer for the Asia-Pacific, said in a blog post that the region has some of the highest levels of targeted cyber attacks worldwide, and many of these go undetected.
“This group (APT30) has been able to operate successfully and remain undetected for many years and has not even had to change their attack infrastructure — a clear sign that their victims don’t realise this is happening,” Boland wrote.
FireEye said the APT 30 group “expresses a distinct interest in organisations and governments associated with ASEAN, particularly so around the time of official ASEAN meetings”.
It said the group’s data-gathering tools indicate that it is “most likely trying to compromise ASEAN members or associates to steal information that would provide insight into the region’s politics and economics”.
Some members of the Association of Southeast Asian Nations — particularly the Philippines and Vietnam — have festering territorial disputes with Beijing in the South China Sea.
In an earlier report, business consultancy PricewaterhouseCoopers (PwC) said a survey it conducted showed that the total number of cyber security incidents detected by its respondents rose to 42.8 million worldwide in 2014, up 48 per cent from 2013.
It said many more cases may have gone undetected and unreported because “many organisations are unaware of attacks” while others do not report incidents for reasons of national security.
Spending on information security among organisations is “not keeping pace with increases in the frequency and costs of security incidents, despite elevated concerns about cyber risks”, PwC said.
Investment in information security budgets fell 4.0 per cent last year from 2013, it added.
