Experts say China hackers 'APT10 Group' likely behind attack on major Japanese business lobby in 2016

Kyodo, Staff Report

A hacking group based in China and known within the cybersecurity community as the APT10 Group was likely involved in a hacking incident that targeted the Japan Business Federation, also known as the Keidanren, in 2016, cybersecurity experts said Sunday.

They said the type of virus detected and servers involved in the cyberattack on Keidanren were identical to those used in past cases attributed to APT10.

The business lobby said in November 2016 that internal data had been leaked from personal computers. Its investigative team has found a large volume of suspicious data communications between 10 external servers and 23 infected PCs.

Data feared to have been released included information regarding policy recommendations, lists of names related to internal committees, and email exchanges with public officers and member companies, according to the Keidanren.

Also Sunday, the Asahi Shimbun daily cited a report linking the Chinese group, which has been accused by the United States government in a series of cybertheft cases around the world, to attacks on other Japanese institutions.

Late last year, the U.S. indicted two Chinese nationals who belonged to the group over alleged state-sponsored cyberattacks targeting government agencies and companies in the U.S.

The types of computer viruses used in the Keidanren attack, as well as the external computer addresses to which information was covertly transmitted, were very similar to some that turned up in a separate report compiled by a number of British entities.

That report said a Chinese hacking group identified as APT10 was responsible for “systematically targeting Japanese organizations.”

While the report said APT10 had infiltrated the computer systems of the Foreign Ministry, the ruling Liberal Democratic Party and the Japan International Cooperation Agency, no mention was made of the Keidanren attack, according to Asahi.

In December, Japan criticized the group over cyberattacks targeting its government, companies and academic institutions, and urged Beijing to take “responsible” actions.

APT10, short for Advanced Persistent Threat 10, was first identified by U.S. cybersecurity firm FireEye, according to media reports. Widely known within the cybersecurity community, the group is one of several that share the “APT” tag, indicating their willingness to pursue targets over long periods of time. APT10 also goes by the names “Red Apollo” and “Stone Panda.”

The group is said to have engaged in multiple hacking campaigns against computer systems around the world since at least 2006, as part of what the U.S. and some allies say is a massive hacking campaign by China to steal trade secrets and technologies.