For more than a decade, a Chinese cyberspy group has been spying on government and business networks in countries that are part of the Association of Southeast Asian Nations (ASEAN). Meanwhile, it was also spying on journalists who are critical of the Chinese Communist Party.
Details on the newly-discovered hacker group were published by security company FireEye on April 12. It states that the hacker group, which it calls “APT30,” has been involved in a “decade-long operation” aimed at targets “who hold key political, economic, and military information about the region.”
The hacker group has been operating since at least 2005, and has been using many of the same tools, tactics, and infrastructure throughout the years. Researchers with FireEye state that, based on their findings, they believe the attacks are state-sponsored, “most likely by the Chinese government.”
The tools used by APT30 are not designed for economic theft. Instead, they’re designed specifically for spying. Their tools, according to FireEye, are designed to “identify and steal documents.”
Using these tools, the cyberspies were able to change files on the victim’s network, read and write files, search for files, delete files, and upload new files. They were also able to infect removable drives, such as USB flash drives, which would even let them access “air gapped” computers that aren’t connected to the Internet.
FireEye states, “the group’s interests appear to concentrate on Southeast Asia regional political, economic, and military issues, disputed territories, and topics related to the legitimacy of the Chinese Communist Party.”
It adds that the hacker group has a “distinct interest in organizations and governments associated with ASEAN, particularly around the time of official ASEAN meetings.”
As for the journalists APT30 was targeting, the report says it went for those who “do not provide favorable coverage” of the Chinese regime. In particular, this included journalists who wrote about issues including the Chinese regime’s human rights record, corruption, and its economy.
Researchers say they believe the Chinese regime targets journalists so it can “anticipate unfavorable coverage and better position themselves to shape public messages.”
“APT30’s attempts to compromise journalists and media outlets could also be used to punish outlets that do not provide favorable coverage,” it states.
Confirmed countries targeted by APT30 were India, Thailand, South Korea, Saudi Arabia, Malaysia, the United States, and Vietnam.
Researchers believe the cyberspies were targeting Nepal, Indonesia, Cambodia, Bhutan, Brunei, Japan, the Philippines, Myanmar, Singapore, and Laos.
“APT30 appears to focus not on stealing businesses’ valuable intellectual property or cutting-edge technologies,” the report states, “but on acquiring sensitive data about the immediate interests of the Southeast Asia region, where they pursue targets that pose a potential threat to the influence and legitimacy of the Chinese Communist Party.”