FIREEYE Inc., the intelligence-led security company, on Thursday released new details on nation state groups targeting the Philippines. FireEye President Travis Reese and Asia Pacific Chief Technology Officer Bryce Boland provided intelligence on the new threats which was derived from information gathered from many sources, including FireEye sensors, Mandiant forensic investigations, human intelligence and other methods.
APT32
Cyber espionage actors which FireEye designates APT32 are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests. This group remains very active, and the earliest attacks on Philippine organizations the company is aware of date to last year.
In 2016, APT32 targeted a subsidiary of a Philippine consumer products corporation and a Philippine technology infrastructure company. The group also targeted Philippine government agencies.
Conference Crew
Since at least November 2016, China-based actor Conference Crew has been observed carrying out operations against public and private institutions in at least seven countries in Asia, including the Philippines. Conference Crew sends spear-phishing messages to deliver malware. It also uses watering hole operations to compromise victims visiting websites.
FireEye has observed Conference Crew target public and private institutions in Indonesia, India, the Philippines, Turkey, Vietnam, and China (including Hong Kong and Macao). The group has targeted the defense industry, banking, financial services, telecommunications, consulting, and media, among other sectors. Government targets are predominately involved in national security and diplomacy.
“Philippine organizations face some of the most intense and daunting cyber security threats we see in Asia, and we don’t expect them to recede in the near future. The current geopolitical climate in the region has generated significant uncertainty, and governments are turning to cyber espionage operations to glean more insights in order to alleviate this uncertainty,” said Bryce Boland, Asia Pacific Chief Technology Officer at FireEye. “Conference Crew and APT32 have proven to be very capable adversaries, and we respond to their intrusions on a regular basis. Unfortunately, we find most firms in the Philippines are not prepared to quickly defend against these threats.”
The briefing took place on the sidelines of Cyber Defense Live, an event which brings together various industry leaders and cyber security experts to help them develop stronger strategies to detect and respond to cyber attacks and manage the risks associated with them.