HONG KONG – Chinese hackers have targeted Japanese defense companies, possibly to get information about Tokyo’s policy toward resolving the North Korean nuclear impasse, according to cybersecurity firm FireEye Inc.
FireEye suspects the attacks were carried out by a group known as APT10, a China-based espionage group that it has been tracking since 2009. Apparently, one of the lures used in a “spear-phishing” email attack was a defense lecture given by Koichiro Matsuura, a former head of UNESCO. Two attacks are said to have taken place between September and October last year.
“Lure content related to the defense industry suggests that a possible motive behind the intrusion attempt is gaining insider information on policy prescription to resolve the North Korean nuclear issue,” said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye.
China’s Ministry of Foreign Affairs didn’t respond to a faxed request for comment Friday. After a similar FireEye report involving U.S. targets last month, ministry spokesman Lu Kang said that China opposes all kinds of cyberattacks.
The suspected attacks coincided with a dramatic escalation in tensions over North Korea’s nuclear weapons program, as supreme leader Kim Jong Un tested a hydrogen bomb and U.S. President Donald Trump threatened to “totally destroy” the country. The U.S. and Japan have been coordinating their diplomatic and military pressure campaigns against the country, and neighboring China is anxious to avoid a clash on its border.
Tensions have eased since the two Koreas started talking ahead of the Pyeongchang Winter Olympics and Trump granted an unprecedented meeting with the North Korean leader. Earlier this month, the foreign ministers of China and Japan agreed to work closely to push the regime to surrender its nuclear weapons program, although Japanese officials continue to express skepticism about Kim’s willingness to make a deal.
The latest reported cyberattacks mirror other recent hacks with geopolitical overtones investigated by FireEye.
Among the most recent is a wave of incursions on mainly U.S. engineering and defense companies linked to the South China Sea, where China’s claims to more than 80 percent of the important area clash with those of five other nations. In 2016, the website of Taiwan’s Democratic Progressive Party was attacked months after the party won elections that secured the presidency for its leader, Tsai Ing-wen.
“We believe APT10 is primarily tasked with collecting critical information in response to shifts in regional geopolitics and frequently targets organizations with long research and development cycles,” Boland said, citing firms in construction and engineering, aerospace and military, telecommunications and high-tech industries.
In an unusual development, the hackers inserted lines of text in the malware associated with the Japanese attacks mocking the security researchers. Examples included, “I’m here waiting for u,” “POWERED BY APT632185,NORTH KOREA,” and “According to the analysis report, Some Japanese analysts have always been portrayed as a bit of joke.”
Also under attack since November 2017 have been Japanese health care companies. “China’s new push on pharmaceutical innovation as a national priority, along with rising cancer rates, will likely drive future espionage operations against the health care industry,” Boland said.
Mandiant, a unit of FireEye, alleged in 2013 that China’s military might have been behind a group that had hacked at least 141 companies worldwide since 2006. The U.S. issued indictments against five military officials who were purported to be members of that group.