Chinese hackers have been targeting the organisers of the Hong Kong protests that took place last year using a combination of malicious software and cloud storage programs.
Security researchers at FireEye found that the attacks, which were launched in August, had a level of sophistication which suggested national governments were involved. However, there is no direct evidence that the Chinese government authorised the hacks.
The attack was a spear-phishing campaign aimed at individuals known to be involved with the pro-democracy movement in Hong Kong, alongside local media outlets. Victims received a seemingly genuine email that actually contained a malicious attachment. The malware, dubbed LOWBALL, then used the Dropbox API to download, upload and execute files. Various malware strains are now using legitimate cloud software in an attempt to hide their activity from network defenders.
Although difficult to prove, it is certainly plausible that the cyberattacks were approved by the Chinese government, which has been known to engage in cyberwarfare.
“The targeting has often focused on Hong Kong-based media, particularly those that publish pro-democracy material,” explain FireEye researchers. “The media organisations targeted with the threat group’s well-crafted Chinese language lure documents are precisely those whose networks Beijing would seek to monitor. Cyber threat groups’ access to the media organisation’s networks could potentially provide the government advance warning on upcoming protests, information on pro-democracy group leaders, and insights needed to disrupt activity on the Internet, such as what occurred in mid-2014 when several websites were brought down in denial of service attacks.”
China is known for having a somewhat draconian approach to network technology, censoring a number of well-known websites. This activity escalated during last year’s Hong Kong protests, with pro-democracy websites and image sharing platforms like Instagram finding themselves blocked in the country.