Revealed: China Spies on India and ASEAN Member States

sorcerer

Senior Member
Joined
Apr 13, 2013
Messages
26,919
Likes
98,470
Revealed: China Spies on India and ASEAN Member States

Today, the U.S. network security company FireEye Inc. published a new report highlighting the cyber espionage activities of a sophisticated hacker group, labelled APT30 (Advanced Persistent Threat), which has been attacking critical information infrastructure in Southeast Asia and India for almost a decade now, and is allegedly connected to Chinese government entities.


The new report is part of a slowly emerging modus operandi in which cybersecurity firms are time and again trying to highlight alleged government sponsored cyberattacks in order to deter future hacks but also to gain publicity and promote their own business interests (see: "The Axiom Report: Cybersecurity and Its Impact on China-US Relations").

The attacks of APT 30 began at least a decade ago and concentrated on "Southeast Asia regional political, economic, and military issues, disputed territories, and topics related to the legitimacy of the Chinese Communist Party," the report's authors said.

The hackers also targeted Indian organizations and furthermore specifically singled out journalists reporting "on issues traditionally considered to be focal points for the Chinese Communist Party's sense of legitimacy, such as corruption, the economy, and human rights."


The hackers developed more than 200 versions of malware and were even capable of intruding into highly secured air-gapped networks to steal data:

APT30 malware includes the ability to steal information (such as specific file types), including, in some cases, the ability to infect removable drives with the potential to jump air gaps. Some malware includes commands to allow it to be placed in 'hide' mode and to remain stealthy on the victim host, presumably for long-term persistence.

Unlike other attacks, APT 30 activities in cyberspace did not include the stealing of intellectual property data or sensitive cutting-edge technologies from Indian and Southeast Asian private-sector companies, but instead focused "on acquiring sensitive data about the immediate Southeast Asia region, where they pursue targets that pose a potential threat to the influence and legitimacy of the Chinese Communist Party."

APT 30 was particularly interested in the activities of the 10-member Association of Southeast Asian Nations (ASEAN) in order to gain insights into Southeast Asian political dynamics, according to FireEye Inc. The United States recently pledged to help build ASEAN's cyber capabilities, and help foster regional cooperation among member states on cybersecurity.

The conclusion of the report's authors is as follows:

(…) APT30 serves a government's needs for intelligence about key government and industry entities in Southeast Asia and India (…) Such a sustained, planned development effort coupled with the (hacking) group's regional targets and mission, lead us to believe that this activity is state-sponsored – most likely the Chinese government.

The Chinese response to the allegations so far has been predictable. Reuters quotes Chinese Foreign Ministry spokesman Hong Lei: "I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure."

Revealed: China Spies on India and ASEAN Member States | The Diplomat
 

sorcerer
The Axiom Report: Cybersecurity and Its Impact on China-US Relations -

The latest revelations surrounding the Chinese cyberespionage group "Axiom" have once more highlighted the increasing tensions between the United States and the People's Republic of China (PRC) in cyberspace. According to a recently published report by a group of cybersecurity researchers spearheaded by Novetta Solutions, a U.S. based cybersecurity firm, the Axiom hackers have displayed some of the most sophisticated cyberespionage tactics ever to emerge from China. Over a period of more than four years the hacker group infiltrated around 43,000 computers worldwide infecting a vast array of targets ranging from individuals to corporations as well as government institutions.

"Novetta has moderate to high confidence that the organization-tasking Axiom is a part of Chinese Intelligence Apparatus. This belief has been partially confirmed by a recent FBI flash released to Infragard stating the actors are affiliated with the Chinese government," states the report cautiously in its key findings. The circumstantial evidence (e.g., an analysis of Axiom targets) makes a compelling case that the Chinese state security apparatus is almost certainly involved in the activities of Axiom.

The Chinese Embassy in Washington D.C. stuck to its now already well-known script when it comes to cyberespionage charges and diligently denied any involvement emphasizing that, "judging from past experience, these kinds of reports or allegations are usually fictitious." Other official statements and comments in Chinese state-run newspapers were to the same effect denying any Chinese wrongdoing and seeking refuge in counter-allegations often summarized in a single name – Edward Snowden.

The U.S. private sector has repeatedly voiced its discontent with the slow response of the Obama Administration to Chinese cyberattacks. "I think the White House needs to do more from the diplomatic side and other pieces of this to call out this bad behavior," underlines one U.S. private sector representative. Nevertheless, the past has shown that "naming and shaming" Chinese attackers does not alter their behavior. After the U.S. Justice Department's indictment of 5 PLA officers on cyberespionage charges in May 2014, China – according to the 2014 Mandiant Report – has even expanded the scope of its cyber operations.

From open-source intelligence the Novetta report appears to be only vicariously part of the U.S. "naming and shaming" campaign against China. The report is meant to be a shot across the bow trying to signal China to slow down its massive espionage activities in cyberspace. While the Chinese public response was predictable, the disclosures nevertheless created a diplomatic tabula rasa ("Ok, let's agree that we both engage in similar behavior and let's move past it.") in order for both China and the United States to negotiate cybersecurity issues on a level playing field in the near-term future. The report publicly conveys the message that China is engaging in ostensibly similar behavior to what the Chinese government – propped up by the Snowden revelations – is continuously criticizing the U.S. side of.

Before the revelations of the Novetta report, Chinese state counselor Yang Jiechi emphasized: "Dialogue and cooperation between China and the U.S. in the field of cybersecurity is faced with difficulty due to the wrong actions taken by the American side. The American side should take positive actions so as to create conditions for the restart of dialogue and cooperation between the two countries in the field of cyber security." However, after the release of the report Lu Wei, head of the State Internet Information Office characterized the U.S.-China dialogue on cybersecurity as "unhindered" and furthermore argued that both countries had "differences but also commonalities". Consequently it is fair to assess that the Axiom disclosures have caused the PRC to somewhat ease up its uncompromising rhetoric vis-à-vis the United States on cyberespionage.

Chinese President Xi Jinping and U.S. President Barack Obama are scheduled to meet informally in November 2014 to discuss pressing bilateral issues. The meeting will be a follow-up to the Sunnylands summit held in June 2013. Cybersecurity was one of the most contentious issues at the 2013 summit. Back then, President Xi Jinping pledged to solve concerns over cybersecurity in a "pragmatic way" and both countries agreed to cooperate more closely on the legal aspects involving norms and laws in cyberspace. Yet, little has happened since then and the bilateral relationship has markedly suffered from the lack of engagement on cybersecurity issues in the last few months – mostly due to the Snowden leaks.

While the actual impact of the Novetta report on making U.S. systems more secure from Chinese attacks in the long run will be negligible on the diplomatic front, the recent Axiom revelations will allow the U.S. government to press the Chinese side harder on contentious cybersecurity issues. As I have written in the past ("It is China's Turn To Act!"), the United States has clearly signaled that Washington is interested in a de-escalation of tensions in cyberspace. However, this approach has gained no traction so far due to the diplomatic fallout largely caused by the NSA scandal.

In that sense the timing of the report could not have been more fortunate since, despite the obvious accusatory nature of the Novetta findings, the report – by leveling the diplomatic playing field as outlined above – could in fact have the reverse effect and make both sides more amenable to cooperation in cyberspace in the weeks ahead.
See more at: The Axiom Report: Cybersecurity and Its Impact on China-US Relations | China US Focus
 

sorcerer
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation
Having some of the world's most active economies, Asia Pacific countries are more likely to be the target of targeted attacks than the rest of the world. In "Operation Quantum Entanglement", "Pacific Ring of Fire: PlugX / Kaba" and other FireEye reports, we have highlighted how Northeast Asian countries have been at the centre of advanced attacks. Today, we release a new report, "APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation," which documents a threat group, APT 30, that has consistently targeted Southeast Asia and India over the past decade.

Having analysed over 200 malware samples and their GUI-based remote controller software, we are able to assess how the team behind APT 30 works: they prioritize their targets, most likely work in shifts in a collaborative environment, and build malware from a coherent development plan. Their missions focus on acquiring sensitive data from a variety of targets, which possibly include classified government networks and other networks inaccessible from a standard Internet connection.

Working closely with a strong team of FireEye Threat Intelligence experts, we have identified APT 30 as a threat group with one of the longest cyber espionage operation histories, starting from as far back as 2004. APT 30 takes a special interest in political developments in Southeast Asia and India, and is particularly active at the time of ASEAN summits, regional issues, and territorial disputes between China, India and Southeast Asian countries. APT 30 has also targeted media organizations and journalists who report on topics concerning the region.

Malware used by APT 30, primarily BACKSPACE, has shown the characteristics of a modularized development framework. Different sets of function modules were loaded to create a wide range of variants as they were needed, while basic structures such as callback, update management and variable naming conventions remained largely the same.

Our investigations into the special tools SHIPSHAPE, SPACESHIP and FLASHFLOOD used by APT 30 suggest that, while they are not the only group to build functionality to infect and steal data from air-gapped networks, they appear to have designed this feature at the very beginning of their development efforts in 2005. This is earlier than many other APT campaigns discovered.

Read more: https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html
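The report excerpts above (the first post's quote about infecting removable drives to jump air gaps and stealing specific file types, and the SHIPSHAPE/SPACESHIP/FLASHFLOOD paragraph here) describe the technique at a high level only. As an added example, not FireEye's code and not any APT30 tooling, here is a defender-side audit a practitioner could run over a removable drive before it crosses into an air-gapped network. It flags the two artefacts that pattern leaves behind: an executable planted on the drive (with or without an autorun.inf to launch it) and target document types staged in a hidden directory for later collection. The drive layout, the file-type lists and the rule names are all constructed for this example.

```python
"""Removable-media audit for air-gap bridging behaviour (added example)."""
from __future__ import annotations

import stat
import tempfile
from pathlib import Path

# Assumption for the example: document types a collector would typically stage.
TARGET_DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
# Executable types that have no business sitting on a data-transfer drive.
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".lnk", ".bat", ".vbs"}


def has_hidden_attr(path: Path) -> bool:
    """Windows HIDDEN/SYSTEM attribute bits; st_file_attributes is absent elsewhere."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def is_hidden(rel: Path, full: Path) -> bool:
    """Hidden by dot-prefix on any path component, or by filesystem attribute."""
    return any(part.startswith(".") for part in rel.parts) or has_hidden_attr(full)


def audit_removable_drive(root: Path) -> list[dict]:
    """Walk the drive and return findings sorted by (rule, path)."""
    root = Path(root)
    findings: list[dict] = []

    autorun = root / "autorun.inf"
    if autorun.is_file():
        findings.append({"rule": "autorun_present", "path": "autorun.inf"})

    for full in root.rglob("*"):
        if not full.is_file():
            continue
        rel = full.relative_to(root)
        ext = full.suffix.lower()
        hidden = is_hidden(rel, full)
        # An executable at the drive root or tucked away hidden is a drop, not a transfer.
        if ext in EXEC_EXTS and (hidden or len(rel.parts) == 1):
            findings.append({"rule": "executable_on_drive", "path": rel.as_posix(), "hidden": hidden})
        # Target documents inside a hidden tree look like a staging area for collection.
        elif ext in TARGET_DOC_EXTS and hidden:
            findings.append({"rule": "staged_document", "path": rel.as_posix()})

    findings.sort(key=lambda f: (f["rule"], f["path"]))
    return findings


def build_sample_drive(root: Path) -> None:
    """Constructed layout: a clean README and report next to an autorun.inf and a
    hidden .Trash tree holding a dropped executable and two staged documents."""
    (root / "reports").mkdir(parents=True, exist_ok=True)
    (root / ".Trash" / "2015-04").mkdir(parents=True, exist_ok=True)
    (root / "readme.txt").write_text("transfer drive\n")
    (root / "reports" / "q1.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
    (root / "autorun.inf").write_text("[autorun]\nopen=.Trash\\update.exe\n")
    (root / ".Trash" / "update.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (root / ".Trash" / "2015-04" / "budget.xlsx").write_bytes(b"PK\x03\x04")
    (root / ".Trash" / "2015-04" / "minutes.docx").write_bytes(b"PK\x03\x04")


def run_demo() -> list[dict]:
    """Build the constructed drive in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_drive(root)
        return audit_removable_drive(root)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The clean files (readme.txt, reports/q1.pdf) produce no findings; the autorun.inf, the hidden executable and the two hidden spreadsheets/documents each do. On a real drive you would point audit_removable_drive at the mount point and treat any executable_on_drive or staged_document hit as a reason to quarantine the media rather than carry it across.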
 

RAM
It's high time. We must address this issue very, very seriously, beyond the spectrum of conventional warfare, at the earliest, as the metadata-gathering ability of our adversary is very focused, meticulous, persistent, and most important, their network is astonishingly cobwebbed well ahead against their rivals, and their transgression into the cyber domain is par above the US security systems. On the contrary, my real fear is that Indian cyber security (defence/offence capabilities) is still in the making, only at its building-block stages.

Hope MOD Tarunraju can shed more light on this subject with invaluable outputs.
 

Sylex21
...so what?
Yeah, I've got to agree with t_co here. The headline should read "1 Chinese spy cell caught this time..... every other nation's dozens of spy cells that spy on each other pending".

Literally everyone spies on everyone, in every way they can 24/7.
 
