Cyber espionage campaign, likely sponsored by China, targets Asian countries: FireEye

Published 15 April 2015

FireEye has released a report which provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government. APT 30 has been conducting cyber espionage since at least 2005, making it one of the longest operating APT groups that FireEye tracks. APT 30 targets governments, journalists, and commercial entities across South East Asia and India.

Milpitas, California-based FireEye, a cybersecurity specialist, the other day released a new Intelligence Report — APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation. The report provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government.

FireEye says that APT 30 has been conducting cyber espionage since at least 2005, making it one of the longest operating APT groups that FireEye tracks. The group has maintained largely consistent targeting in Southeast Asia and India, including targets in Malaysia, Vietnam, Thailand, Nepal, Singapore, the Philippines, and Indonesia, among other countries. In addition, APT 30’s attack tools, tactics, and procedures (TTPs) have remained markedly consistent since inception — a rare finding, as most APT actors adjust their TTPs regularly to evade detection.

“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” said Dan McWhorter, VP of threat intelligence, FireEye. “Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will help empower the region’s governments and businesses to quickly begin to detect, prevent, analyze and respond to this established threat.”

FireEye notes that the analysis conducted on APT 30’s malware reveals a methodical approach to software development similar to that of established technology businesses — an approach that aligns closely to the various diplomatic, political, media and private-sector environments they intended to breach. Their targets possess information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party.

For businesses and security practitioners, the threat intelligence on APT 30 which FireEye is sharing can be found here.

— Read more in APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation (FireEye, April 2015)