China accused of hacking neighbors for last 10 years

Steven Loeb · April 13, 2015 · Short URL: https://vator.tv/n/3d28

FireEye report shows Chinese government carried out a long-term campaign against other Asian countries


In recent years, attacks against the United States from foreign governments looking to intercept our computer networks have gotten so bad that the President himself recently had to get involved and order strict sanctions against any country that does so.

The chief culprits in these attacks seem to be countries in Asia, namely China and North Korea. It turns out, though, that they are not only trying to spy on us, but also on each other.

A new report out from FireEye accuses the Chinese government of instituting a 10-year-long hacking campaign against its neighbors in the region.

"When our Singapore-based FireEye labs team examined malware aimed predominantly at entities in Southeast Asia and India, we suspected that we were peering into a regionally focused cyber espionage operation," it says in the report.

"The malware revealed a decade-long operation focused on targets—government and commercial—who hold key political, economic, and military information about the region."

FireEye is calling the group responsible "APT30," and saying that it "stands out not only for their sustained activity and regional focus, but also for their continued success despite maintaining relatively consistent tools, tactics, and infrastructure since at least 2005."

When FireEye looked at the tactics of APT30 to see how it could be so effective for so long, it found that the group's members prioritize targets, "most likely work in shifts in a collaborative environment, and build malware from a coherent development plan."

Another key factor was figuring out who the victims of these attacks were.

"APT30’s victims are in Southeast Asia. Much of their social engineering efforts suggest the group is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy."

The long-term mission of the group, coupled with its expertise and its list of targets, has led FireEye to conclude that "such a sustained, planned development effort, coupled with the group’s regional targets and mission," was planned "most likely by the Chinese government."

So how was it getting away with it for all these years? Basically, willful ignorance. These countries don't think they can be attacked.

"As APAC CTO for FireEye, I regularly find that organizations in Asia feel they are not likely to be a target of advanced cyber threat. In fact, advanced attackers, aware of the complacency, are exploiting it. The reality is that groups like APT 30 are actively and successfully stealing sensitive information across the region, and this region has some of the highest levels of targeted attacks that we see across the world," Bryce Boland wrote in a blog post.

"Asia’s businesses and governments are heavily targeted, but without the ability to detect these attacks they are largely unprotected from their impacts. This group has been able to operate successfully and remain undetected for many years and has not even had to change their attack infrastructure – a clear sign that their victims don’t realize this is happening."

Chinese cyberattacks

China certainly has plenty of experience in using cyber warfare against other countries; it has done so numerous times against the United States.

Last year, the U.S. Department of Justice leveled charges against China for cyber espionage, marking the first time the U.S. ever leveled criminal charges against a foreign government for economic cyber spying.

This came after U.S. security firm Mandiant traced over 140 cyber attacks on U.S. and foreign businesses and organizations to a specific unit in China’s army known widely as the “Comment Crew” or the “Shanghai Group.” An assessment by the National Intelligence Estimate identified a pretty extensive range of sectors that have been impacted by China’s spying, including finance, IT, aerospace, automotive, and energy, among others. Some of the companies that have been hacked include Google—obviously—as well as drone manufacturers and the makers of nuclear weapons parts.

The country also attacked U.S. civilians. Community Health Systems, one of the largest providers of general hospital healthcare services in the United States, revealed that it had been hacked by an “Advanced Persistent Threat” group originating from China last August. Then, in September, a U.S. Senate panel found that Chinese hackers, who are associated with the Chinese government, were able to breach computer systems of U.S. airlines, technology companies and other firms involved in the movement of U.S. troops and military equipment.

Between June of 2012 and June of 2013, there were about 50 breaches, or other cyber events, into the computer networks of contractors for the military's U.S. Transportation Command, or Transcom.

The cybersecurity space

As cybersecurity started making headlines, venture capital took notice as well, and started putting more money into these types of startups.

In the last 5 years, $7.3 billion has been invested into 1208 private cybersecurity startups, according to CB Insights.

In 2014, funding for cybersecurity startups broke the $2 billion barrier for the first time while deals grew to a total of 269.

Some of the companies that have raised the most funding in the space over the last couple of years have included Good Technology, which raised $80 million; Lookout, which raised a $150 million round; Okta, which raised a $27 million Series D funding round; Bit9, which raised $38.25 million; and Veracode, which raised a $40 million funding round.
