India on Chinese hackers' radar
"Such a sustained, planned development effort coupled with the (hacking) group's regional targets and mission, lead us to believe that this activity is state-sponsored - most likely the Chinese government," the report's authors said.
Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye and co-author of the report, said the attack was still ongoing, noting that the servers the attackers used were still operational, and that FireEye continued to see attacks against its customers, who number among the targets.
Reuters couldn't independently confirm any of the assertions made in the report.
China has always denied accusations that it uses the Internet to spy on governments, organisations and companies. Neither the Foreign Ministry nor the Cyberspace Administration of China, the Internet regulator, immediately responded to written requests for comment on the FireEye report on Monday.
China has been accused before of targeting countries in South and Southeast Asia. In 2011, researchers from McAfee reported a campaign dubbed Shady Rat which attacked Asian governments and institutions, among other targets.
Efforts by the 10-member Association of Southeast Asian Nations (ASEAN) to build cyber defences have been sporadic. While ASEAN has long acknowledged its importance, "very little has come of this discourse," said Miguel Gomez, a researcher at De La Salle University in the Philippines.
The problem is not new: Singapore has reported sophisticated cyber-espionage attacks on civil servants in several ministries dating back to 2004.
The campaign described by FireEye differs from other such operations mostly in its scale and longevity, Boland said.
He said the group appeared to include at least two software developers. The report did not offer other indications of the possible size of the group or where it's based.
The group remained undetected for so long it was able to re-use methods and malware dating back to 2005, and developed its own system to manage and prioritize attacks, even organising shifts to cope with the workload and different languages of its targets, Boland told Reuters.
The attackers focused not only on governments, but on ASEAN itself, as well as corporations and journalists interested in China. Other targets included Indian or Southeast Asian-based companies in sectors such as construction, energy, transport, telecommunications and aviation, FireEye says.
Mostly they sought to gain access by sending so-called phishing emails to targets purported to come from colleagues or trusted sources, and containing documents relevant to their interests.
Boland said it wasn't possible to gauge the damage done as it had taken place over such a long period, but he said the impact could be "massive".
"Without being able to detect it, there's no way these agencies can work out what the impacts are. They don't know what has been stolen."
- Seeking nominations for the 2024 rising stars of adtech
- Eli Lilly stock will surge 29% over the next year with its weight-loss drug on pace to do $60 billion in sales by 2030, BofA says
- A millennial who quit her office job to live in a school bus explains what her lifestyle costs and how she makes 6 figures freelancing
- Mukka Proteins IPO allotment – How to check allotment, GMP, listing date and more
- Know what are the 7 signs and symptoms of high cholesterol in your body
- Tata Motors to demerge biz into two separate listed companies
- Best drinks for constipation relief and digestive ease
- 10 Reasons why you should opt for plant-based diet