Hong Kong Government Hacked by Chinese Cyberspies, FireEye Saysby
Two government agencies targeted ahead of legislative election
Motive ‘certainly’ political, based on the targets, group says
Two Hong Hong government agencies have come under attack from cyberspies originating in China in the month leading up to Sunday’s legislative elections, according to a U.S. cybersecurity firm.
On at least three occasions in early August, the China-based group APT 3 targeted the organizations with “spear-phishing” attacks, in which e-mails with malicious links and attachments containing malware are used to access computer networks, said John Watters, president of iSIGHT, a unit of FireEye Inc. He said the hacks were “certainly” politically motivated, based on their targets.
Watters declined to say what agencies were attacked because his firm seeks to identify attackers, not shine a spotlight on the victims. It wasn’t possible to confirm whether APT 3 was linked to any Chinese government organization, he said, adding that the Hong Kong authorities had been informed of the incidents.
The Hong Kong’s government office for information confirmed it had been informed about the hacks. “Relevant security measures had already been put in place to block the suspicious e-mails,” it said in a statement. “So far, there is no security incident report from the two concerned departments.”
While Hong Kong was returned to China in 1997, the former British colony was guaranteed a “high degree of autonomy” for at least 50 years under a deal with the U.K. Beijing’s influence over the financial hub has been a key campaign issue in Sunday’s elections, in which voters will select lawmakers for the city’s 70-seat Legislative Council.
“What it appears to be is an opportunity to gain information without having the transparency of having to make a request,” Watters said. “If you want to know what someone’s thinking, would you rather read their diary or hear their prepared remarks?”
It wasn’t possible to verify what information, if any, had been stolen, Watters said.
The Hong Kong and Macau Affairs Office of the State Council in Beijing didn’t immediately respond to faxed questions about the incident.
Incidents of U.S. hacking by China-based groups have fallen since President Xi Jinping’s visited the U.S. last September and reached a cybersecurity deal, according to FireEye. Some of those hacking groups have refocused their energies on Asian targets amid an increase in regional tensions. Vietnam in particular has come under attack with malicious code disguised as antivirus software found lurking in everything from government offices to banks, companies and universities.
Watters said his firm has tracked APT 3 since 2011, over which time it has been blamed for hacking companies in industries from telecommunications to agriculture, in countries including the U.S., Germany and Italy. APT 3 is among the top hackers based on sophistication and constant updates of tools it uses to access networks, he said.
Mandiant, another unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The U.S. issued indictments against five military officials who were purported to be members of that group.
Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers and helps them access broader networks. ISIGHT tracks malware globally, and traced its presence to the networks of the Hong Kong government agencies, Watters said.
The subject of one of the e-mails used in the attacks in Hong Kong was a report on election results with a hyperlink to what the reader would assume was the report itself, Watters said. The hyperlink leads to a compromised sub-domain that contains the malware.