‘Hackers may be targeting Phl intel on SCS dispute’

MANILA, Philippines -  Hackers linked with the Vietnamese government are likely targeting Philippine government agencies to gather intelligence related to the maritime dispute in the South China Sea, cybersecurity company FireEye said on Thursday.

That same group, which FireEye called APT32, was also responsible for attacking a Philippine consumer products corporation and a Philippine technology infrastructure firm in 2016, the company said in a media briefing.

Bryce Boland, chief technology officer for Asia Pacific, said the company had observed that APT32 was targeting not just multinational companies and organizations doing business in Vietnam but Philippine government agencies as well.

“This is presumably in order to gain access to information about military preparation and understanding how the organizations within the government operate in order to be better prepared in case of potentially military conflict,” Boland said.

“There are overlapping claims between Vietnam and the Philippines over some islands in the South China Sea and it is quite likely that intelligence gathering is starting around that,” Boland said.

Vietnam has strongly rejected allegations it supports hacking.

“The government of Vietnam does not allow any form of cyber attacks against organizations or individuals,” Foreign Ministry spokeswoman Le Thi Thu Hang said earlier this month in response to similar accusations.

“All cyber attacks or threats to cyber security must be condemned and severely punished in accordance with regulations and laws.”

A spokesman for the Department of Foreign Affairs in Manila did not immediately respond to a telephone call or text message requesting comment.

The Philippines, Vietnam, China, Malaysia, Taiwan and Brunei contest all or parts of the South China Sea, through which about $5 trillion in ship-borne trade passes every year.

APT stands for advanced persistent threat, a term usually reserved for state-sponsored hacker groups.

“We believe all of the activities of APT32 are aligned to the interests of the Vietnamese government,” Boland said.

In the same briefing held in Makati City, Boland said FireEye has monitored eight active foreign cyber groups that have been continuously targeting the Philippines. The groups were identified as APT1, APT14, APT 15, APT23, APT25, APT30, APT32 and the Conference Crew.

“APT32 has been targeting not only the Philippines, but also United Kingdom, China, Germany and even Vietnamese nationals around the globe. It is a cyber espionage group aligned with Vietnamese government interests, targeting private sector interests in Southeast Asia,” Boland said.

On the other hand, the Conference Crew group has been monitored to have expanded operational reach targeting critical public and private institutions in at least seven countries in recent months.

The China-based cyber group has been targeting public and private institutions in Indonesia, India, the Philippines, Turkey, Vietnam, China, Hong Kong and Macau, FireEye said.

These cyber attacks or espionage operations by Vietnam and China targeting the Philippines and other states have increased in frequency in the wake of mounting maritime tension in the South China Sea.

Firms in the defense industry, banking, financial services, telecommunications, consulting and media have been affected.

Government targets are predominantly those involved in national security and diplomacy.

FireEye detected their malware payloads as Evero, Elise and Emissary, Boland bared.

Reese said the current geopolitical climate in the region has generated significant uncertainty and governments are turning to cyber espionage to counter threats.

“Conference Crew and APT32 have proven to be very capable adversaries, and we respond to their intrusions on a regular basis. Unfortunately, we find most firms in the Philippines are not prepared to quickly defend against these threats,” Boland said.

For his part, FireEye president Travis Reese, a retired US military intelligence officer, clarified that as security provider, FireEye is only doing its job in releasing these latest cyber security intelligence findings and updating concerned states and firms on developing or ongoing cyber activities across the globe.

“We are not anti-Vietnam or anti-China, we’re just bringing out the facts. There’s evidence that they are doing these state-sponsored hacking that we deem should be known,” Reese said, as he pointed out that espionage is the oldest profession in the world.