Cyber security platform provider FireEye claimed that new cyber security threats have been targeting Southeast Asia, including the Philippines, aimed at identifying and stealing information about the operations of governments, businesses and media for both political and economic advantage. As such, cyber espionage is something the Philippines needs to address.
Travis Reese, president of FireEye, identified these hacking groups as APT32 and Conference Crew which were sponsored by the government of Vietnam and China, respectively. The operations of these cyber security threat groups, according to Reese, show that “state-sponsored cyber espionage affects the government, as well as business organizations in the Philippines and SEA, where they face persistent threat factors.”
The Vietnamese-sponsored APT32, according to FireEye, targets private sector interests, as well as interests in political influence and foreign governments in SEA using phishing emails, and gaining access to VPN, emails, files, and Web browsing data using malware such as WindShield, Komprogo, Soundbite and Phoreal, in conjunction with commercially-available tools to conduct activities aligned with Vietnamese state interests. The group started its cyber espionage activities in 2013. In 2016, APT32 targeted technology and infrastructure sectors in the Philippines using the WindShield malware. The group also targeted Philippine government agencies. The Conference Crew, on the other hand, is a Chinese hacker group observed to be carrying out activities against critical public and private institutions in the Philippines, Indonesia, India, Turkey, Vietnam, and China, including Hong Kong and Macau.
The Conference Crew uses email lures containing a link that launches malware payload when opened, to serve as invitations to conferences and is targeting industries including banking and financial services, defense, telecommunications, government, consulting and media. Government targets are predominantly involved in national security and diplomacy.
These hacking groups remain very active and have proven to be very capable adversaries, according to Bryce Boland, Asia-Pacific chief technology officer at FireEye.
“Philippine organizations face some of the most intense and daunting cyber security threats we see in Asia, and we don’t expect them to recede in the near future. The current geopolitical climate in the region has generated significant uncertainty, and governments are turning to cyber espionage operations to glean more insights in order to alleviate this uncertainty,” Boland ended.