
PHL likely targeted by China-backed cyberspies since 2005, security group warns


The Philippines may have been the target of a cyber-espionage campaign likely sponsored by the Chinese government, a cybersecurity company said Tuesday.
 
FireEye disclosed information on APT 30, which it said is an advanced persistent threat (APT) group “most likely sponsored by the Chinese government.”
 
“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and organizations in the Philippines and Southeast Asia... Governments and businesses in the Philippines face persistent, well-resourced threat actors,” said Wias Issa, Senior Director at FireEye.
 
“Their targets possess information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party,” FireEye added.
 
Issa said the threat intelligence on APT 30 that the company is sharing “will help empower organizations in the Philippines to quickly begin to detect, prevent, analyze and respond to this established threat.”
 
FireEye said APT 30 may have been conducting cyber espionage since at least 2005, and is one of the longest-operating APT groups it tracks.
 
It added the group has maintained largely consistent targeting in Southeast Asia and India, and may have targets in Malaysia, Vietnam, and Thailand.
 
Consistent TTP
 
However, FireEye also noted APT 30’s attack tools, tactics, and procedures (TTPs) have “remained markedly consistent since inception – a rare finding as most APT actors adjust their TTPs regularly to evade detection.”
 
“It’s highly unusual to see a threat group operate with similar infrastructure for a decade. One explanation for this is they did not have a reason to change to new infrastructure because they were not detected. This would suggest many organizations are not detecting these advanced attacks,” said Issa.
 
FireEye also noted APT 30 deployed customized malware for use in specific campaigns targeting ASEAN members.
 
Citing some of the 200 samples of APT 30 malware, FireEye said APT 30 may have targeted organizations in the Philippines.
 
Its analysis of APT 30’s malware showed a “methodical approach to software development similar to that of established technology businesses.”
 
Such an approach “aligns closely to the various diplomatic, political, media and private-sector environments they intended to breach,” it said. — Joel Locsin/TJD, GMA News