Hackers from China have been spying on governments and businesses in Southeast Asia and India for more than a decade, researchers at Internet security firm FireEye claim.
China spies on Southeast Asia uninterrupted for a decade
FireEye released a report on Monday that claimed the cyber spying operations have been ongoing since at least 2006 and “focused on targets – government and commercial – who hold key political, economic and military information about the region”.
“Such a sustained, planned development effort coupled with the (hacking) group’s regional targets and mission, lead us to believe that this activity is state-sponsored – most likely the Chinese government,” the report’s authors said.
Bryce Boland, Chief Technology Officer at FireEye and co-author of the report, said that the attacks were still going on and that the servers the attackers used are still operational.
China, of course, has always denied allegations that it uses the Internet to spy on governments and organisations. It has been accused before of targeting countries in Asia: in 2011, researchers from McAfee reported on a campaign known as Shady Rat which attacked Asian governments and institutions.
The 10-member Association of Southeast Asian Nations (ASEAN) has in the past tried to build cyber defences, but the efforts have been very sporadic. ASEAN acknowledges the importance of such defences but “very little has come of this discourse”, said Miguel Gomez, a researcher at De La Salle University in the Philippines.
Chinese hackers part of a small, dedicated team
The ongoing campaign by Chinese hackers is different from other such operations in its scale and longevity, said Boland, who added that the group includes at least two software developers. However, the report does not indicate the size of the group or where it is based. The group has remained undetected for such a long time that it was able to use malware dating back to 2005, and it has developed its own system to prioritise and manage attacks, Boland told Reuters.
Apparently, the attackers have targeted governments, corporations and journalists interested in China, as well as Indian and Southeast Asian companies in construction, energy, transport, telecommunications and aviation. Most of the time, the hackers sent phishing emails that appeared to come from colleagues or trusted sources and contained documents the recipients would be interested in.
Boland says the damage done could be massive, but that it’s not easy to gauge because it was done over such a long period of time. “Without being able to detect it, there’s no way these agencies can work out what the impacts are. They don’t know what has been stolen”.