Menu
Chinese hacker group among first to target networks isolated from Internet

Chinese hacker group among first to target networks isolated from Internet

APT 30 has been operating since 2005 without significantly changing its attack methods, FireEye said

An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye.

The computer security firm released a 69-page technical report on Sunday on the group, which it calls APT (Advanced Persistent Threat) 30, which targeted organizations in southeast Asia and India.

FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.

APT 30 has operated since at least 2005. It has targeted people through spear phishing, or sending emails containing malicious attachments or harmful links.

The group has consistently updated its malware, but the tools it uses are generally not that sophisticated, and it has used some of the same command-and-control infrastructure for years on end.

"It seems to be they've been successful in being good enough," Weedon said Sunday.

The organizations targeted may have had lax security postures, which made them easy for APT 30 to infiltrate without needing to resort to more advanced or sophisticated attack methods, she said.

The countries primarily targeted were India, South Korea, Malaysia, Vietnam, Thailand, Saudi Arabia and the U.S. Other countries likely to have been targeted are Nepal, Bhutan, the Philippines, Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia and Japan, FireEye said.

The group has a particular interest in the relationship between China and India, including border issues, FireEye's report said. APT 30's focus on those particular subjects make it likely that it is sponsored by China.

What's most interesting about APT 30 is that it developed tools that are designed to move from systems connected to the Internet to those that aren't connected. Governments use such "air-gapped" networks to reduce the chance an external attack will be successful.

The group designed malware components with worm-like capabilities that can infect removable drives such as USB sticks and hard drives. Those devices can transfer the malware if connected to a device on an air-gapped network.

FireEye said it has seen many groups develop this capability, but APT 30 appears to have "made this a consideration at the very beginning of their development efforts in 2005, significantly earlier than many other advanced groups we track."

Over the years, FireEye has written many reports on groups it has linked to China. This group, however, doesn't appear to be linked to any of the other ones and operated in relative isolation.

APT has its own development resources, and doesn't share attack infrastructure with other groups, Weedon said.

"This group seems pretty insular," she added.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityFireEyeExploits / vulnerabilitiesmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments