Security firm: Suspected Chinese malware targets PH | Inquirer Technology

Security firm: Suspected Chinese malware targets PH

/ 12:19 AM August 06, 2016

Tensions in the South China Sea seemed to have escalated in cyberspace as a Finland-based security firm alleged that it has found evidence that a malware suspected from China is targeting Philippine agencies involved in the sea dispute.

Finland-based cyber security-company F-Secure said that the malware, dubbed as NanHaiShu (South China Sea rat in Chinese) suspected to be from China, is a Remote Access Trojan (RAT) that allows attackers to exfiltrate data from infected machines.

“If in fact our researchers’ suspicions are correct, it could be that the Chinese were using cyber espionage to gain better visibility into legal proceedings,” said Erka Koivunen, cyber security advisor at F-Secure.

Article continues after this advertisement

He said the advanced persistent threat (APT) malware appears to be linked to the South China dispute and leading proceedings between the Philippines and China. The arbitration court ruled in favor of the Philippines’ case against China’s sweeping maritime claims in the South China Sea in a 500-page document last July 12.

FEATURED STORIES

“Not only are the targeted organizations all related to the case in some way, but its appearance coincides chronologically with the publication of news or events related to the arbitration proceedings,” Koivunen said.

The timings of the attacks indicated political motivation, as it occurred within a month whenever there are significant developments to the dispute, the report said.

Article continues after this advertisement

Agencies targeted include the Department of Justice; the organizers of Asia Pacific Economic Cooperation Summit, which has held in the Philippines in November 2015; and a major international law firm.

Article continues after this advertisement

F-Secure said that the malware was spread “via carefully crafted spear phishing emails that contain industry-specific terms relevant to each of the targeted organizations, indicating the emails were deliberately designed with the exact targets in mind.

Article continues after this advertisement

It is attached in the emails which execute an embedded JScript file. Once opened, the malware sends information from the infected back to the attacker, which could download any file.

“The technical analysis exposed the malware’s notable orientation towards code and infrastructure associated with developers in mainland China,” F-Secure said.

Article continues after this advertisement

It noted that the agencies targeted are also relevant to the interest of the Chinese government. TVJ

RELATED STORIES

PH among most attacked by mobile malware

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

PH 7th most vulnerable to mobile malware attacks—security firm

TOPICS: Finland, malware, South China Sea, technology, Territorial dispute
TAGS: Finland, malware, South China Sea, technology, Territorial dispute

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.