Silent War – Trojan Horse in China’s Service?

The ongoing dispute over the South China Sea has apparently spilled over into cyberspace recently, as hackers allegedly from China have attacked government and private-sector organizations linked to the row over the key waterway.

Japan Times reported that hackers using malicious software have tried to swipe sensitive information from the Philippines and other targets.

The actors behind this malware target government and private-sector organizations that were involved in the international territorial dispute centering on the South China Sea. Hence, the name of the malware, which means South China Sea rat.

Cybersecurity firm F-Secure, which spotted the malware, said that it has been following the threat, referred to as a Remote Access Trojan, since last year. Based on its observations, the timing of the attacks indicated political motivation, as they occurred either within a month following notable news reports related to the dispute, or within a month leading up to publicly known political events featuring the said issue.

While the malware samples uncovered had initially been connecting to command-and-control servers hosted by a U.S. cloud-computing service, that changed on Oct. 26, 2015, when all servers pointed to a Chinese IP address. This shift coincided with reports of a U.S. Navy ship making the first in a planned series of so-called freedom of navigation operations near Chinese-controlled islets in the South China Sea.

Targets included the Philippines Department of Justice, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an unidentified major international law firm involved in last month’s landmark South China Sea arbitration decision at The Hague, the company report said.