Crossroads Blog | Institute National Security and Counterterrorism

China, Cyber Attacks, Cyber Espionage, Cybersecurity, FireEye

China Continues to Sponsor, Facilitate Cyber Operations Against Neighbors

As a follow-up to yesterday’s Round Up, both eWeek and The Hacker News have reported that China has sponsored, or is currently sponsoring, cyber intrusions into civil, government and military organizations throughout the Asia-Pacific region. Whereas both Information Week and eWeek linked the Naikon hacking group to an ongoing Advanced Persistent Threat campaign launched against several Asia-Pacific countries, The Hacker News article indicated that another group, dubbed APT30, has ties to the Chinese military and has been engaged in a multi-year cyber initiative against governments, companies and journalists throughout India and other Asia-Pacific countries.

Unit 78020

The Hacker News article indicated not only that APT30 has been conducting cyber espionage operations for over ten years, but also that the group’s targets have included the following areas:

  • Regional Politics
  • Disputed Territories
  • Military and Economic issues
  • Media Organizations and Journalists
  • Political developments in Southeast Asia and India

Furthermore, The Hacker News references an April 2015 FireEye report that examined the technical underpinnings of APT30’s hacking effort and determined that APT30 relies on sophisticated and refined hacking tools, suggesting an ongoing, managed development initiative designed to update and distribute APT30’s toolset. According to FireEye’s report, APT30 leverages two primary backdoors, BACKSPACE and NETEAGLE, for command and control (C2) operations via HTTP requests over a two-tier architecture: the infected host systems communicate with first-tier C2 systems, while APT30’s second-tier systems sit behind them and provide an additional layer of obfuscation between APT30 and the actual victim systems, based on FireEye’s assessment.

Additionally, The Hacker News reports that APT30 has developed malware that is introduced to a user’s home computer, infects removable drives and is then used to attack air-gapped computers once the user brings the infected device to those locations. The use of malware to exfiltrate data from air-gapped computers raises additional security and threat concerns, since these non-networked devices are typically considered “relatively secure”.

In addition to the cyber operations being conducted by APT30, the Cyber Round Up yesterday highlighted another hacking group, Naikon, which is believed to be directly tied to the Chinese People’s Liberation Army (PLA) Unit 78020. Information Week reports that Naikon has embarked upon a five-year hacking campaign as part of China’s effort to regain control of the South China Sea. The article indicates that Naikon has targeted diplomatic, military and economic targets in the following countries: Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam.

My opinion:
It is interesting to note that while the Chinese Government continues to disavow any knowledge of cyber-espionage efforts undertaken on its behalf, reports continue to surface indicating otherwise. The fact that the long-term cyber initiatives targeting nations in the Asia-Pacific region also seem closely aligned with China’s overt economic and geopolitical goals seems an unlikely coincidence. While President Obama and China’s President Xi seem to have officially agreed to open lines of communication regarding cybersecurity (according to the White House fact sheet), there seems to be very little substantive value. While it is generally understood that nation-states can, and will continue to, engage in cyber-espionage activities, the issue arises when the targets are not government-based but rather private entities. Here, while multiple reports link hacking groups to the Chinese government, and where said groups have purportedly targeted non-government actors, what position is the U.S. taking on this? Until and unless it is made abundantly clear that private interests and U.S. citizens are off-limits, nation-states will continue to target whatever and whomever they wish with no fear of retribution.
