
For 10 years, cyberespionage group ‘APT 30’ targeted SE Asia, India

FireEye has revealed a years-long cyberespionage operation targeting organizations in Southeast Asia and India.

The threat group, dubbed “APT 30,” took “special interest in political developments” in those regions, and used modularized malware – including tools called BACKSPACE, SHIPSHAPE, SPACESHIP and FLASHFLOOD – so that various modules could be loaded to “create a wide range of variants as they were needed” against specific targets, FireEye said in a Sunday blog post.

Journalists and media organizations that focused on related political issues were also targeted in the 10-year campaign, which dates back to 2004, researchers revealed. In a detailed report on APT 30, FireEye noted that malware used by the group, believed to be sponsored by the Chinese government, was also capable of stealing data from air-gapped networks.
