Threat Intelligence, Incident Response, Malware, TDR

For 10 years, cyberespionage group ‘APT 30’ targeted SE Asia, India


FireEye has revealed a years-long cyberespionage operation targeting organizations in Southeast Asia and India.

The threat group, dubbed “APT 30,” took “special interest in political developments” in those regions, and used modularized malware – including tools called, BACKSPACE, SHIPSHAPE, SPACESHIP and FLASHFLOOD – so that various modules could be loaded to “create a wide range of variants as they were needed” against specific targets, FireEye said in Sunday blog post.

Journalists and media organizations that focused on related political issues were also targeted in the 10-year campaign, which dates back to 2004, researchers revealed. In a detailed report on APT 30, FireEye noted that malware used by the group, believed to be sponsored by the Chinese government, was also capable of stealing data from air-gapped networks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.