Cyber-security firm FireEye says it has uncovered a "sustained" cyber-espionage campaign against Southeast Asia

'Sustained' Chinese cyber-espionage campaign targeted Southeast Asia

A decade-long cyber-espionage campaign against governments and businesses in Southeast Asia is likely of Chinese origin, says internet security firm FireEye.

A report released by the company today said the operations dated back to at least 2005 and "focused on targets - government and commercial – who hold key political, economic and military information about the region."

Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye and co-author of the report, said the campaign differs from other such operations mostly in its scale and longevity.

The attacks are ongoing, he added, noting that servers used by the attackers were still operational and that FireEye continued to see attacks against its customers, who number among the targets.

"Such a sustained, planned development effort, coupled with the [hacking] group's regional targets and mission, lead us to believe that this activity is state-sponsored – most likely the Chinese government," the report's authors said.

He said the group behind the campaign appeared to include at least two software developers, though the report did not offer other indications of the possible size of the group or where it might be based.

Efforts to gain access mostly focused on sending phishing emails to targets, purporting to come from colleagues or trusted sources and containing documents relevant to their interests.

According to Boland, the fact the group was undetected for so long meant it was able to re-use methods and malware dating back to 2005. It had even developed a system for managing and prioritising attacks, as well as a shift system to help it cope with the workload and different languages of its targets.

As well as attacking individual governments in Southeast Asia, the attackers also went after the 10-member Association of Southeast Asian Nations (ASEAN).

Corporations and journalists interested in China were also targeted, as were various Indian and Southeast Asian companies in sectors like construction, energy, transport, telecommunications and aviation, the report said.

The potential damage could be “massive” according to Boladn, but it is hard to gauge as it had taken place over such a long period. "Without being able to detect it, there's no way these agencies can work out what the impacts are. They don't know what has been stolen," he said.

Asked about the FireEye report, foreign ministry spokesman Hong Lei said: "I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure."

China has been accused before of targeting countries in South and Southeast Asia before. In 2011, researchers from McAfee reported a campaign dubbed Shady Rat which attacked Asian governments and institutions, among other targets. Singapore has also reported sophisticated cyber-espionage attacks on civil servants in several ministries dating back to 2004.

China has always denied accusations that it uses the Internet to spy on governments, organisations and companies.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them