Chinese Hackers Spying on India and South East Asia for a Decade
A state-sponsored cyber espionage group, most likely linked to the Chinese government, is the first group known to target so-called "air-gapped networks", networks that are not directly connected to the Internet.

What are Air-Gapped systems?

Air-gapped systems are regarded as the most secure systems in use. They are physically isolated from the Internet and from any other network or Internet-connected computer.

Air-gapped systems are used where security is critical: in payment networks that process debit and credit card transactions, in military networks, and in the industrial control systems that run a nation's critical infrastructure.

Why Air-Gapped?

Siphoning data from an air-gapped system is very difficult because there is no network path to it. An attacker needs physical access to the target machine, or needs someone to carry a removable device, such as a USB flash drive or a FireWire-attached disk, across the gap.


Since at least 2005, a Chinese hacking group has been spying on governments, companies and journalists in Southeast Asia, India and other countries, according to FireEye.

In a 69-page technical report, FireEye says the operations, conducted by a team of highly skilled hackers it has dubbed APT30 (Advanced Persistent Threat 30), went undetected for ten years.

Now here's the deal:

The APT30 group is particularly interested in stealing information related to:
  • Regional political issues
  • Disputed territories
  • Military and economic issues
  • Media organizations and journalists
  • Political developments in Southeast Asia and India
"APT30's attempts to compromise journalists and media outlets could also be used to punish outlets that do not provide favorable coverage – for example, both the New York Times and Bloomberg have had trouble securing visas for journalists in wake of unfavorable corruption reporting," the report said.
And that's not all:

Over the past ten years the group has reportedly developed a set of custom hacking tools and backdoors (the MILKMAID and ORANGEADE droppers, the CREAMSICLE downloader, and the BACKBEND and GEMCUTTER downloaders) and has infected victims through phishing and social engineering attacks.

But it is the capability to infiltrate air-gapped systems that marks APT30 as unusually sophisticated.

To reach an air-gapped computer, the group first tricked victims into installing malware on an ordinary Internet-connected computer, such as a home machine.
"APT30 uses three pieces of malware [SHIPSHAPE, SPACESHIP, FLASHFLOOD] that are believed to have been designed to propagate to removable drives with the intent of eventually infecting and stealing data from computers located on air-gapped networks."
The malware has worm-like capabilities: it copies itself to removable drives such as USB sticks and external hard disks, and rides them onto the secure network when a user later plugs the same drive into an air-gapped machine. Stolen data can only leave the isolated network by that same route, so it has to be staged on the drive and collected once the drive returns to an infected Internet-connected computer.
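The propagation described above depends on removable media carrying both the worm and the staged data across the gap, so the drive itself is the place to look. The following Python audit is an added example, not code from the original page and not a signature for SHIPSHAPE, SPACESHIP or FLASHFLOOD (the page does not describe their on-disk layout). It walks a mounted removable volume and flags the generic artifacts USB-borne malware tends to leave: an autorun.inf at the root, an executable named after a sibling folder (the folder-impersonation trick), a double extension hiding an executable, hidden executables, and a hidden directory holding files that may be a staging area. The sample volume it builds is constructed for the demo; the function names, the `Finding` type and the heuristics are assumptions of this example, not of the FireEye report.

```python
"""Audit a removable volume for artifacts of media-hopping malware.

Added example with generic heuristics; the sample tree built below is a
constructed imitation of an infected USB stick, not a real capture.
"""
import os
import tempfile
from dataclasses import dataclass

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".lnk", ".dll"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                 ".txt", ".jpg", ".jpeg", ".png", ".zip"}


@dataclass(frozen=True)
class Finding:
    relpath: str   # path relative to the volume root, '/'-separated
    reason: str


def _ext(name):
    return os.path.splitext(name)[1].lower()


def _hidden(relpath):
    # Unix-style hidden: any path component starts with '.'.
    # (The Windows hidden attribute is not checked in this example.)
    return any(part.startswith(".") for part in relpath.split("/"))


def audit_volume(root):
    """Return sorted Findings for the directory tree rooted at `root`."""
    findings = []
    root = os.path.abspath(root)
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        sibling_dirs = {d.lower() for d in dirnames}

        def rel(name):
            return f"{rel_dir}/{name}" if rel_dir else name

        # 1. autorun.inf at the volume root: classic auto-execution hook
        if rel_dir == "":
            for f in filenames:
                if f.lower() == "autorun.inf":
                    findings.append(Finding(rel(f), "autorun.inf at volume root"))

        # 2. hidden directory with contents: possible staging area for stolen data
        for d in dirnames:
            if d.startswith("."):
                count = sum(len(fs) for _, _, fs in os.walk(os.path.join(dirpath, d)))
                if count:
                    findings.append(Finding(
                        rel(d) + "/",
                        f"hidden directory holding {count} file(s): possible staging area"))

        for f in filenames:
            stem, ext = os.path.splitext(f)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            # 3. executable named after a sibling folder (folder impersonation)
            if stem.lower() in sibling_dirs:
                findings.append(Finding(rel(f), f"executable named after sibling folder '{stem}'"))
            # 4. document-looking name with an executable extension appended
            if _ext(stem) in DOCUMENT_EXTS:
                findings.append(Finding(rel(f), "double extension hiding an executable"))
            # 5. executable tucked away in a hidden location
            if _hidden(rel(f)):
                findings.append(Finding(rel(f), "hidden executable"))
    return sorted(findings, key=lambda x: (x.relpath, x.reason))


def build_sample_volume():
    """Construct a throwaway tree imitating an infected USB stick (constructed sample)."""
    root = tempfile.mkdtemp(prefix="usb_")

    def put(rel, data=b"x"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    put("autorun.inf", b"[autorun]\nopen=Photos.exe\n")
    put("Photos/holiday.jpg")        # the user's real folder
    put("Photos.exe")                # executable impersonating that folder
    put("Budget.xlsx")               # legitimate document
    put("Invoice.pdf.scr")           # double extension
    put(".sync/Budget.xlsx")         # hidden dir with a copied document
    put(".sync/contacts.txt")
    put(".sync/agent.exe")           # hidden executable
    put("readme.txt")
    return root


if __name__ == "__main__":
    for finding in audit_volume(build_sample_volume()):
        print(f"{finding.relpath:20} {finding.reason}")
```

Run it against a real mount point (`audit_volume("/media/usb")`, for instance) to get the same report; the heuristics are deliberately conservative, so a hit on a drive that crosses into an isolated network deserves a manual look rather than an automatic verdict.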

The countries primarily targeted were:
  • India
  • Malaysia
  • Vietnam
  • Thailand
  • South Korea
  • Nepal
  • Bhutan
  • Philippines
  • Singapore
  • Saudi Arabia
  • Indonesia
  • Japan
  • Brunei
  • Myanmar
  • Laos
  • Cambodia
The Chinese government has consistently denied such claims, saying that "cybercrime is a global problem."
