Security firm: Suspected Chinese malware targets PH
Tensions in the South China Sea seemed to have escalated in cyberspace as a Finland-based security firm alleged that it has found evidence that a malware suspected from China is targeting Philippine agencies involved in the sea dispute.
Finland-based cyber security-company F-Secure said that the malware, dubbed as NanHaiShu (South China Sea rat in Chinese) suspected to be from China, is a Remote Access Trojan (RAT) that allows attackers to exfiltrate data from infected machines.
“If in fact our researchers’ suspicions are correct, it could be that the Chinese were using cyber espionage to gain better visibility into legal proceedings,” said Erka Koivunen, cyber security advisor at F-Secure.
Article continues after this advertisementHe said the advanced persistent threat (APT) malware appears to be linked to the South China dispute and leading proceedings between the Philippines and China. The arbitration court ruled in favor of the Philippines’ case against China’s sweeping maritime claims in the South China Sea in a 500-page document last July 12.
“Not only are the targeted organizations all related to the case in some way, but its appearance coincides chronologically with the publication of news or events related to the arbitration proceedings,” Koivunen said.
The timings of the attacks indicated political motivation, as it occurred within a month whenever there are significant developments to the dispute, the report said.
Article continues after this advertisementAgencies targeted include the Department of Justice; the organizers of Asia Pacific Economic Cooperation Summit, which has held in the Philippines in November 2015; and a major international law firm.
F-Secure said that the malware was spread “via carefully crafted spear phishing emails that contain industry-specific terms relevant to each of the targeted organizations, indicating the emails were deliberately designed with the exact targets in mind.
It is attached in the emails which execute an embedded JScript file. Once opened, the malware sends information from the infected back to the attacker, which could download any file.
“The technical analysis exposed the malware’s notable orientation towards code and infrastructure associated with developers in mainland China,” F-Secure said.
It noted that the agencies targeted are also relevant to the interest of the Chinese government. TVJ
RELATED STORIES
PH among most attacked by mobile malware
PH 7th most vulnerable to mobile malware attacks—security firm