China Cyberspies Mined Japan Firms for North Korea Secrets

Chinese hackers have targeted Japanese defense companies, possibly to get information on Tokyo’s policy toward resolving the North Korean nuclear impasse, according to Bloomberg.

The attacks are suspected to come from a group known as APT10, a China-based espionage group that cybersecurity firm FireEye has been tracking since 2009. One of the lures used in a “spear-phishing“ email attack was a defense lecture given by former head of UNESCO, Koichiro Matsuura. Two attacks took place between September and October 2017.

“Lure content related to the defense industry suggests that a possible motive behind the intrusion attempt is gaining insider information on policy prescription to resolve the North Korean nuclear issue,“ said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye. “We believe APT10 is primarily tasked with collecting critical information in response to shifts in regional geopolitics and frequently targets organizations with long research and development cycles,“ Boland said.

The latest cyberattacks mirror other recent hacks with geopolitical overtones investigated by FireEye. Among the most recent, a wave of incursions on mainly U.S. engineering and defense companies linked to the South China Sea, where China’s claims for more than 80 percent of the water clash with five other nations. In 2016, the website of Taiwan’s Democratic Progressive Party was attacked months after the party won elections, securing its leader Tsai Ing-wen the presidency.

In an unusual development, the hackers inserted lines of text in the malware associated with the Japanese attacks mocking the security researchers. Such gems included, “I’m here waiting for u,“ “POWERED BY APT632185,NORTH KOREA,“ and “According to the analysis report, Some Japanese analysts have always been portrayed as a bit of joke.“