According to the Hindu Business Line, a FireEye report published on Monday claims that the hackers have been working in the region since at least 2005, and their cyber attacks “focused on targets – government and commercial – who hold key political, economic and military information about the region.” The report went on to claim that its characteristics “lead us to believe that this activity is state-sponsored – most likely the Chinese government.”
China denies carrying out cyber attacks
Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye and co-author of the report, stated that the attack was still underway, with servers used by the attackers still operational and FireEye customers were still being targeted. China has always officially denied carrying out cyber attacks against governments, organisations and companies.
When questioned about the FireEye report, Chinese foreign ministry spokesman Hong Lei said: “I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts.”
This is not the first time that China has been accused of hacking targets in South and Southeast Asia. A 2011 report by McAfee claimed that the Chinese were running a campaign known as Shady Rat which targeted governments and institutions in the region.
The 10-strong Association of Southeast Asian Nations (ASEAN) has attempted to build cyber defenses, but efforts have been sporadic. Despite the fact that cyber attacks on government ministries in Singapore were reported as far back as 2004, the grouping has made little concrete progress in strengthening its cyber capabilities.
Sustained attack against weak defenses
FireEye claims that the campaign detailed in its report has been made on a larger scale and for a longer period of time than previous examples. The hackers appear to boast at least two software developers in their number. Cyber defenses in the region are so underdeveloped that hackers were able to continue using malware first seen in 2005.
National governments, ASEAN, corporations and even journalists interested in China were all targeted. Companies involved in construction energy, transport, telecommunications and aviation in Southeast Asia were also targeted.
The main method of gaining access was the sending of phishing emails, but so far the extent of the infiltration is not known. China continues to arouse suspicions with its activities and greater defensive efforts need to be made to protect both public and private actors from cyber attacks.