Thursday, August 4, 2016

China suspected of hacking South China Sea arbitration

Newly discovered malware targeted parties involved with the dispute between China and the Philippines over the South China Sea, researchers announced today.

The antivirus firm F-Secure found samples of the malware, which could be used to spy on a victim's computer, among other functions, in the Philippines's justice department, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an “international law firm representing one of the involved parties.” F-Secure is calling the malware, technically called a remote-access Trojan, “NanHaiShu."
"Not only are the targeted organizations all related to the case in some way, but its appearance coincides chronologically with the publication of news or events related to the arbitration proceedings," said Erka Koivunen, a cybersecurity adviser at F-Secure, in a statement.

The malware infected computers through Microsoft Office documents sent through highly targeted spear-phishing emails. One infected file, “DOJ Staff bonus January 13, 2015.xls," was sent a month after the arbitration tribunal put out a major press release. Others came at major deadlines for both countries.