KUALA LUMPUR, April 13 — Government-backed hackers from China have been running a cyber-espionage operation targeting Malaysia and other Southeast Asian countries for at least a decade, a US cyber security company has said.
FireEye Inc said in a report released today that the hackers dubbed APT30 target governments, companies and journalists across Southeast Asia, India and more to gain intelligence on regional political, economic and military issues, such as the conflicting territorial claims over the South China Sea between China, Malaysia and other countries.
“This evidence leads us to believe that APT30 serves a government’s needs for intelligence about key government and industry entities in Southeast Asia and India,” said FireEye in its report called “APT30 and the Mechanics of a Long-Running Cyber Espionage Operation”.
Malaysia is among the countries that are confirmed targets of the hackers who have been running the cyber-attacks on various sources, possibly including classified government networks, since at least 2005, said the report.
Other nations said to be confirmed APT30 targets are Thailand, Vietnam, South Korea, India, the United States and Saudi Arabia.
The report also said malware was detected in Malaysia, Thailand, Vietnam, South Korea and India from October 2012 to October 2014.
“Such a sustained, planned development effort, coupled with the group’s regional targets and mission, leads us to believe that this activity is state sponsored — most likely by the Chinese government,” said the report.
“This group, who we call APT30, stands out not only for their sustained activity and regional focus, but also for their continued success despite maintaining relatively consistent tools, tactics, and infrastructure since at least 2005,” the report added.
FireEye further said the hackers have been targeting nations in Asean, of which Malaysia is chair, around the time of official Asean meetings to glean insight on the region’s politics and economics.
“With activity spanning more than ten years, APT30 is one of the longest operating threat groups that we have encountered and one of the few with a distinct regional targeting preference,” said the report.
“Some of their tools’ capabilities, most notably the ability to infect air-gapped networks, suggest both a level of planning and interest in particularly sensitive data, such as that housed on government networks,” the report added.
The Diplomat, a current affairs magazine for the Asia-Pacific region, said last month that Malaysia has been using a “playing it safe” approach on the South China Sea issue amid China’s increasing assertiveness in the past few years.