Chinese Hackers Target Offline Networks, FireEye Reports

Chinese hackers have been linked by a U.S. cyber-security firm to a decade-long cyber espionage campaign reminiscent of the NSA-linked Equation group’s global spying campaign.

In a 69-page technical report published on Sunday by FireEye Inc., the computer security company indicated that a hacking group likely aligned with China has been targeting governments, journalists and companies across Southeast Asia, India and the United States.

PC World reported that the company became aware of the group’s activity after malware used by the group was discovered on the systems of defense-related clients, according to the company’s manager of strategic analysis, Jen Weedon.

As for a potential state connection, FireEye indicated in its report that, given the malware’s targets and a particular interest in the relationship between India and China, the group is likely sponsored by China.

The malware developed by the group, which researchers designated APT 30 (APT stands for Advanced Persistent Threat), has worm-like capabilities that can be used to infiltrate air-gapped networks, which are networks otherwise isolated from the rest of the world.

While the group isn’t the first to target offline networks, which are employed by governments in order to mitigate risk associated with external cyber-attacks, the report notes that the group seems to have taken the air-gap network penetration vector into “consideration at the very beginning of their development efforts in 2005,” which the researchers noted to be “significantly earlier than many of the other advanced groups” they track.

The researchers indicated that the group of hackers known as APT 30 appears to be “pretty insular,” doesn’t share its attack infrastructure with other groups, and has its own resources for development.

As for attacking air-gapped networks with worm-like malware, which is something that the NSA-linked “Equation group” has been doing for some time, APT 30’s malware infects removable storage devices such as hard drives and USB sticks, which are in turn employed in the transfer of data.

Bryce Boland, FireEye’s APAC CTO, told TechCrunch in an interview that while there’s “no smoking gun” implicating the Chinese government in the APT 30 hacking operation, “all signs point to China”.

There’s no smoking gun that shows this is a Chinese government operation, but all signs point to China […] There’s huge intellectual property development in Asia — that’s the new battleground.

Which nation do you think has the best state-sponsored hackers?
