A Chinese hacker group has reportedly been monitoring governments for more than a decade, according to FireEye. The APT30 hacker group was exposed by the security company FireEye, which claims the group has been spying on governments in Asia and the Pacific since 2004.
FireEye states in its report that APT30 is particularly interested in political developments in Southeast Asia and India, and is especially active at the time of Southeast Asian summits.
It also focuses on regional issues and territorial disputes between China, India and Southeast Asian countries.
The FireEye report, "APT30 and the Mechanics of a Long-Running Cyber Espionage Operation" (PDF), states that the group has been steadily focusing on Southeast Asia and India in the last 10 years.
Apart from Asian governments, APT30 also targets mass media companies and journalists who report on issues concerning the region.
"We have analyzed over 200 samples of malware as well as remote controller software using a GUI, and we are able to estimate that it has been developed by the APT 30 team," says FireEye.
"All of their hacks are focused on obtaining sensitive data from several targets, possibly using government networks as well as other networks that are inaccessible by a standard connection to the internet."
"Most of APT30's efforts use social engineering and show that they are particularly interested in regional policy, military and economic issues, disputed territories, media companies and journalists reporting on China and government legitimacy," the FireEye report says, indicating that China is behind the team.
The security firm's white paper also states that while attribution is always a difficult task, evidence suggests that the APT30 team may be funded by the Chinese authorities.
"Such prolonged, planned efforts to develop new tools, combined with the regional goals and missions of the team, lead us to believe that their activities are funded by some state, and probably by the Chinese government," the report states.
The team reportedly infects its victims through phishing messages and uses sophisticated attack tools that have been developed over the last 10 years.
FireEye stated that some of the malicious programs used by APT 30, notably Backspace and Flashflood, are used to infect systems and steal data over the air. What is striking is that these malicious tools appear to have been designed when the group began its efforts in 2005.