APT30 and Lessons for ASEAN

Today FireEye released a report on a threat group we call APT30 – one of many threat groups we track. You may have seen other reports from FireEye that talk about attackers focused directly on Western targets, but this report details an attack group specifically targeting governments and businesses across the Indian subcontinent and the ASEAN nations. These persistent and methodical attackers have successfully targeted organizations across these regions for a decade, and have largely evaded detection until recently. If any organization, large or small, felt that advanced cyber attacks affected only well-known companies and countries with large GDPs, this report should make you think twice.

As APAC CTO for FireEye, I regularly find that organizations in Asia feel they are unlikely to be the target of an advanced cyber threat. In fact, advanced attackers, aware of this complacency, are exploiting it. The reality is that groups like APT30 are actively and successfully stealing sensitive information across the region, and this region has some of the highest levels of targeted attacks that we see anywhere in the world. Asia's businesses and governments are heavily targeted, but without the ability to detect these attacks they are largely unprotected from their impacts. This group has been able to operate successfully and remain undetected for many years, and has not even had to change its attack infrastructure – a clear sign that its victims don't realize this is happening.

Business and government leaders should take action: cyber espionage, including that conducted by nation-states, is a very real problem across India and ASEAN. Today, 37% of FireEye's customers in APAC detected advanced cyber attacks in the 2nd half of 2014 – in other words, our customers in this region are 33% more likely to be targeted than the global average of 27%. This attack group and others are collectively stealing vast troves of information from all levels of government, defense, media, finance, manufacturing, telecommunications, and other industries – everything from business plans to contract negotiations to manufacturing and design schematics.

The impacts can include the loss of key intellectual property, enabling competitors to steal market share; the loss of negotiating-position information, leading to inferior contracts and terms of trade; and the loss of major construction contracts due to competitive underbidding.

The economic and diplomatic impacts of such espionage are very serious; since most governments and businesses in the region don't have the ability to detect, prevent, analyze and respond to these attacks, we may never know the full impact of APT30. What is clear is that these attacks can be detected and the impacts can be addressed but only with the right combination of technology, intelligence and expertise.

For security practitioners, we have shared our Indicators of Compromise for you to deploy in your environments here: https://github.com/fireeye/iocs

You can access the report here.