Chinese hackers shift focus to Asia after US accord

A Chinese hacker group known for targeting US defence and aerospace companies has shifted its focus to critical infrastructure across Asia following a US-China deal on electronic espionage, according to cyber security company FireEye.

The group, known as the Conference Crew because of its use of email lures based on legitimate conferences, is targeting organisations that keep large amounts of data, as well as striking at telecommunications infrastructure in a number of countries on China’s periphery.

Nations where attacks have been recorded include India, Indonesia, the Philippines and Vietnam, while organisations in Hong Kong and Macau have also been targeted, according to FireEye.

In one case, hackers created a false email invitation to a cyber security summit in Jakarta in order to deceive their targets into downloading malicious software.

The software the group deploys includes programmes that issue commands or gather information on a victim’s system.

“The most likely use of the information or access that’s being collected is for understanding the adversary and understanding their tactics — who’s involved in decision making,” said Bryce Boland, FireEye’s Asia-Pacific chief technology officer.

The group could also use access to telecoms infrastructure to gather information on the whereabouts of individuals by tracking their phones, Mr Boland said.

The hackers were identified as Chinese by details including the tools and infrastructure they use, he added.

Analysts warned of a potential upsurge in Chinese cyber espionage aimed at European or Asian targets following the agreement between Barack Obama and Xi Jinping in 2015, when China and the US agreed not to support cyber-enabled theft of intellectual property. China and Australia agreed a similar pact this week.

This year Singapore’s ministry of defence reported that the personal details of about 850 servicemen and employees had been stolen in a “targeted and carefully planned” attack.

The real purpose of the attack may have been to gain access to official secrets, the ministry said, but these are held on a separate system not connected to the internet.

The cyber attack followed heightened tensions between Singapore and China, including the seizure in Hong Kong of Singaporean armoured personnel carriers used for military manoeuvres in Taiwan.

In Japan, private cyber security companies that work with the Japanese government report a distinct “tactical shift” by hackers they believe to be state-sponsored and specifically hunting for entry-points to Japanese government systems. 

One of the recent incidents involved the discovery of a series of cyber raids on the infrastructure behind various Japanese retailers’ store-card systems — the sort of break-in that can be used to steal huge quantities of customer data and might, in the past, simply have been used as the basis for financial or identity theft. 

But this time, according to a Japanese cyber security executive who declined to be named, they were after something more specific: the passwords of women store-card holders who might be married to senior Japanese bureaucrats and might, for the sake of convenience, use the same passwords that their husbands use to access secured government systems.

“You can see that the odds of success are very, very long,” said the executive. “But that doesn’t matter. Even a one in 10m chance is worth it if the hacker is state-sponsored.” 

Source: https://www.ft.com/content/c8e634fa-2a31-11e7-9ec8-168383da43b7