Chinese cyberspies accused of targeting Japanese defence firms for North Korea secrets

HONG KONG (BLOOMBERG) - Chinese hackers have targeted Japanese defence companies, possibly to get information on Tokyo's policy toward resolving the North Korean nuclear impasse, according to cybersecurity firm FireEye Inc.

The attacks are suspected to come from a group known as APT10, a China-based espionage group that FireEye has been tracking since 2009.

One of the lures used in a "spear-phishing" e-mail attack was a defence lecture given by former head of Unesco, Koichiro Matsuura. Two attacks took place between September and October 2017.

"Lure content related to the defence industry suggests that a possible motive behind the intrusion attempt is gaining insider information on policy prescription to resolve the North Korean nuclear issue," said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye.

China's Ministry of Foreign Affairs didn't respond to a faxed request for comment on Friday (April 20). After a similar FireEye report involving US targets last month (March), ministry spokesman Lu Kang said that China opposed all kinds of cyber attacks.

The foreign ministers of China and Japan met in Tokyo earlier this month and agreed to work closely to push North Korea to abandon its nuclear programme.

The latest sign of improved cooperation between Asia's two largest economies comes ahead of a summit between the two Koreas and a potential meeting between US President Donald Trump and North Korean leader Kim Jong Un.

MULTIPLE ATTACKS

FireEye has detected multiple attacks on geopolitical targets. Among the most recent was a wave of incursions on mainly US engineering and defence companies linked to the South China Sea, where China's claims to more than 80 per cent of the waters clash with those of five other nations.

In 2016, the website of Taiwan's Democratic Progressive Party was attacked months after the party won elections, securing its leader Tsai Ing-wen the presidency.

"We believe APT10 is primarily tasked with collecting critical information in response to shifts in regional geopolitics and frequently targets organisations with long research and development cycles," Boland said, citing firms in construction and engineering, aerospace and military, telecommunications and high-tech industries.

In an unusual development, the hackers inserted lines of text in the malware associated with the Japanese attacks mocking the security researchers.

Such gems included, "I'm here waiting for u," "POWERED BY APT632185,NORTH KOREA," and "According to the analysis report, Some Japanese analysts have always been portrayed as a bit of joke."

Also under attack since November 2017 have been Japanese healthcare companies. "China's new push on pharmaceutical innovation as a national priority, along with rising cancer rates, will likely drive future espionage operations against the healthcare industry," said Boland.

Mandiant, a unit of FireEye, alleged in 2013 that China's military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The US issued indictments against five military officials who were purported to be members of that group.