South China Sea

This aerial photo taken through a glass window of a military plane shows China’s alleged on-going reclamation of Mischief Reef in the Spratly Islands in the South China Sea. Pic: AP.

Philippines’ DoJ becomes target of Chinese hackers over South China Sea row

RESEARCH by Finnish security firm F-Secure has revealed that hackers believed to be based in China have targeted a number of government and private-sector organizations in Asia Pacific in relation to the recent South China Sea dispute.

The hackers were found to have targeted the Philippines’ Department of Justice, as well as organizers of the Asia-Pacific Economic Cooperation (APEC) summit, and employees of an unnamed major international law firm using a malicious program identified as ‘NanHaiShu’.

According to the research, F-Secure first encountered a sample of ‘NanHaiShu’ in the last couple of years. “Technically speaking, the malware is a Remote Access Trojan (RAT) that is spread in spearphishing email message include, among other things, industry-specific terms that indicate they were deliberately designed with the specific targets in mind.”

The email message contains an attachment that contains a VBA macro, which executes an embedded JScript file. The attack is only effective if the default security setting in Microsoft Office is modified to allow for macro execution, the F-Secure believes the hackers are aware that the target use VBA macros in their business environments.

SEE ALSO: Hackers leak Thai prison data files in ongoing protest against Koh Tao convictions

Cybersecurity advisor at F-Secure, Erka Koivunen, told Motherboard that some other organizations were also targeted but have not been named because of the sensitive material involved.

Koivunen was quoted saying that they cannot say if it was the Chinese government that specifically ordered the attack, and “even if it was we would not be in the position to say which organization within China’s government that would be”.

The research confirmed that all the targets selected had some relation to the South China Sea row. In July, the Hague Tribunal ruled against Beijing’s claims over the territory in response to the arbitration case brought against China by the Philippines.

China rejected the ruling vehemently, and has warned that it could intensify conflict and could lead to confrontation. The Chinese ambassador to the U.S. has also accused the Hague Tribunal of “professional incompetence” over the matter.

F-Secure’s technical analysis also found a “notable orientation towards code and infrastructure associated with developers in mainland China”, leading to their conviction that the hackers are based there.

‘NanHaiShu’ allows the attacker to download any file they want from an infected device, which can then be used for “exfiltration of data that is likely to be highly sensitive” – a huge security breach for the organizations targeted.

Koivunen added: “Typically, whenever there are political disputes and big stakes on political and economic matters, I would always assume that espionage by any means is going to take place – and cyber espionage is known to be cost-effective and reasonably difficult to attribute.”