Chinese malware spying on Philippines – security firm
Janvic Mateo (The Philippine Star) - August 7, 2016 - 12:00am

MANILA, Philippines - Malware traced by a security firm to China has been discovered to have spied on the Philippine government and other parties related to the territorial dispute in the West Philippine Sea.

In a report released last week, Finland-based cyber security firm F-Secure identified the malware as NanHaiShu (translated as South China Sea rat), a Remote Access Trojan that can send information from infected computers to its command server.

“The threat actors behind this malware target government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea,” said F-Secure in a statement.

“Based on our observations, the timings of the attacks indicated political motivation, as they occurred either within a month following notable news reports related to the dispute, or within a month leading up to publicly known political events featuring the said issue,” it added.

In its white paper on the malware, F-Secure said NanHaiShu was discovered in the wild a couple of years ago, but appeared to have been used to target specific websites such as the Philippine Department of Justice (DOJ), the organizers of the 2015 Asia Pacific Economic Cooperation held in Manila and an unidentified international law firm involved in the Philippine case against China.

“The common denominator among the targets selected is that they have some relation to the territorial dispute revolving around the South China Sea,” said the cyber security firm.

Its investigation into the malware started in 2013 when DOJ personnel received an e-mail containing a malware-infected file named “DOJ Staff bonus January 13, 2015.xls.”

It was sent to target DOJ employees after the third press release of the Permanent Court of Arbitration on the case filed against China.

Attacks on the international law firm representing the Philippines were also recorded, including an e-mail targeting lawyers with a file named “Salary and Bonus Data.xls.”

“Our technical analysis indicates a notable orientation towards code and infrastructure associated with developers in Mainland China,” said F-Secure.

“We also consider it significant that the selection of organizations targeted for infiltration are directly relevant to topics that are considered to be of strategic national interest to the Chinese government. Based on these points, we believe that the threat actor is of Chinese origin,” it added.

The attacker can download any file from infected machines. “The downloaded files or scripts may then be used for exfiltration of data that is likely to be highly sensitive, given the profile of its targets,” it added.

Cyber attacks

Earlier, several Philippine government websites had supposedly been subjected to various forms of cyber attacks following the release of the ruling on the arbitration case filed by the Philippines against China on July 12.

The STAR learned that at least 68 websites had been subjected to attacks, which included attempts at hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end of the attacks were the websites of agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website.

In July 2015, another cyber-security company reported that the Permanent Court of Arbitration website was infected with malware by “someone from China.”

Citing information from ThreatConnect Inc., Bloomberg Business reported that the attack happened amid the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the West Philippine Sea.
