Hackers,
most likely from China, have been spying on governments and businesses
in Southeast Asia and India uninterrupted for a decade, researchers at
internet security company FireEye Inc said.
In
a report released on Monday, FireEye said the cyber espionage
operations dated back to at least 2005 and “focused on targets –
government and commercial – who hold key political, economic and
military information about the region.”
“Such
a sustained, planned development effort coupled with the (hacking)
group’s regional targets and mission, lead us to believe that this
activity is state-sponsored – most likely the Chinese government,” the
report’s authors said.
Bryce
Boland, Chief Technology Officer for Asia Pacific at FireEye and
co-author of the report, said the attack was still ongoing, noting that
the servers the attackers used were still operational, and that FireEye
continued to see attacks against its customers, who number among the
targets.
Reuters couldn’t independently confirm any of the assertions made in the report.
China
has always denied accusations that it uses the Internet to spy on
governments, organisations and companies. Neither the Foreign Ministry
nor the Cyberspace Administration of China, the Internet regulator,
immediately responded to written requests for comment on the FireEye
report on Monday.
China
has been accused before of targeting countries in South and Southeast
Asia. In 2011, researchers from McAfee reported a campaign dubbed Shady
Rat which attacked Asian governments and institutions, among other
targets.
Efforts
by the 10-member Association of Southeast Asian Nations (ASEAN) to
build cyber defences have been sporadic. While ASEAN has long
acknowledged its importance, “very little has come of this discourse,”
said Miguel Gomez, a researcher at De La Salle University in the
Philippines.
The
problem is not new: Singapore has reported sophisticated
cyber-espionage attacks on civil servants in several ministries dating
back to 2004.
UNDETECTED
The
campaign described by FireEye differs from other such operations mostly
in its scale and longevity, Boland said. He said the group appeared to
include at least two software developers. The report did not offer other
indications of the possible size of the group or where it’s based.
The
group remained undetected for so long it was able to re-use methods and
malware dating back to 2005, and developed its own system to manage and
prioritize attacks, even organising shifts to cope with the workload
and different languages of its targets, Boland told Reuters.
The
attackers focused not only on governments, but on ASEAN itself, as well
as corporations and journalists interested in China. Other targets
included Indian or Southeast Asian-based companies in sectors such as
construction, energy, transport, telecommunications and aviation,
FireEye says.
Mostly
they sought to gain access by sending so-called phishing emails to
targets purported to come from colleagues or trusted sources, and
containing documents relevant to their interests.
Boland
said it wasn’t possible to gauge the damage done as it had taken place
over such a long period, but he said the impact could be “massive”.
“Without being able to detect it, there’s no way these agencies can work
out what the impacts are. They don’t know what has been stolen.”
Posted by : Gizmeon
No comments:
Post a Comment