FireEye, Inc., the leader in stopping today’s advanced cyber-attacks, has released the new Intelligence Report “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation.” The report provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government.
Conducting cyber espionage since at least 2005, APT 30 is one of the longest-operating APT groups that FireEye tracks. The group has maintained largely consistent targeting in Southeast Asia and India, including targets in Malaysia, Vietnam, Thailand, Nepal, Singapore, the Philippines and Indonesia, among other countries. In addition, APT 30’s attack tools, tactics, and procedures (TTPs) have remained markedly consistent since inception – a rare finding as most APT actors adjust their TTPs regularly to evade detection.
“Advanced threat groups like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” said Dan McWhorter, VP of threat intelligence, FireEye. “Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will help empower the region’s governments and businesses to quickly begin to detect, prevent, analyse and respond to this established threat.”
Analysis conducted on APT 30’s malware reveals a methodical approach to software development similar to that of established technology businesses – an approach that aligns closely with the various diplomatic, political, media and private-sector environments they intended to breach. Their targets possess information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party.
To learn more about APT 30, their operations and their targets, please view the full report at: https://www2.fireeye.com/WEB-2015RPTAPT30.html.
For businesses and security practitioners, the threat intelligence on APT 30 that FireEye is sharing can be found at: https://github.com/fireeye/iocs.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.