PH target of 10-year Chinese cyber espionage: group


Posted at May 20 2015 10:11 AM | Updated as of May 20 2015 08:19 PM

MANILA – The Philippines has been the subject of a long-running cyber espionage campaign likely sponsored by the Chinese government, an IT security firm said.

The cyber espionage campaign started around 2005 and has been targeting a variety of organizations in the Philippines and Southeast Asia, according to IT security firm FireEye Inc.

FireEye said the usual targets of the cyber-espionage campaign were intelligence information about key Southeast Asian political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party.

The firm said such information would ''most likely serve the Chinese government's needs.''

FireEye said the group, which it calls APT 30 (APT stands for advanced persistent threat), is most likely sponsored by the Chinese government.

''Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and organizations in the Philippines and Southeast Asia,'' said FireEye senior director Wias Issa.

''Governments and businesses in the Philippines face persistent, well-resourced threat actors.''


According to FireEye, the state-sponsored cyber espionage campaign targets Southeast Asia and India.

FireEye said APT 30’s attack tools, tactics, and procedures (TTPs) have not changed since the campaign started. It said this finding is rare since most APT actors adjust their TTPs regularly to evade detection.

''It's highly unusual to see a threat group operate with similar infrastructure for a decade. One explanation for this is they did not have a reason to change to new infrastructure because they were not detected. This would suggest many organizations are not detecting these advanced attacks,'' Issa said.

''The threat intelligence on APT 30 we are sharing will help empower organizations in the Philippines to quickly begin to detect, prevent, analyze and respond to this established threat.''

According to FireEye, APT 30 deployed customized malware for use in specific campaigns targeting Southeast Asian nations and others.

''It appears that some of the 200 samples of APT 30 malware included in the investigation targeted organizations in the Philippines,'' it said.


Kaspersky Lab, a Russian cybersecurity firm, earlier told ABS-CBN that it has monitored a strong cyber espionage group named Naikon.

This group has allegedly been stealing information and infiltrating the systems of countries in the South China Sea, including the Philippines.

One thing distinct about Naikon is that its members use the Chinese language.

''They’ve been very good in collecting what they’re interested in, which is collecting sensitive geopolitical intelligence in that area,'' said Kurt Baumgartner, principal security researcher of the GReAT team at Kaspersky Lab.

Naikon primarily infiltrates the computer systems of governments, militaries and civil organizations.

Kaspersky believes that thousands of personal and individual accounts have been attacked or are still controlled by Naikon without their owners even realizing it.

Kaspersky does not know who Naikon’s members are but the cyber security firm strongly believes Naikon’s operations are backed by the state.

“When we’re looking at a group that has had a sustained effort for at least five years, and is collecting nothing but geopolitical intelligence, really, all those things suggest that we do have at least a state-supported actor,” Baumgartner said.

Kaspersky detected a spike in Naikon’s espionage activities in the spring of 2014, around the time a Philippine vessel was chased down by the Chinese Coast Guard near Ayungin Shoal.

Defense officials said this is not the first cyber espionage group to take a shot at infiltrating the Philippine government’s systems.


The United States has accused the Chinese government of sponsoring hackers for its cyber-espionage campaign, targeting sensitive government data and information from enterprises.

Beijing has denounced the accusations. Although the two major economies enjoy cooperation in various aspects, the issue of cyber espionage has become a sore spot in their relations.

In 2014, the US Federal Bureau of Investigation charged five Chinese Army officers with stealing information from US enterprises. The move, however, was considered merely symbolic as the five Chinese officials are not likely to be brought to the US.

The Philippines itself is at odds with China over the disputed South China Sea, and its military – one of Asia's weakest – is struggling to counter Beijing's muscle-flexing in the disputed waters.

FireEye's finding bolsters the perception that China's communist party is a perpetrator of cyber-espionage against other sovereign nations. It also highlights the sheer sophistication of Chinese hackers and the helplessness of Manila on the technological front.