Face of Nation: A Chinese cyber espionage group is believed to be targeting key countries for China’s Belt and Road Initiative, reveals a report by FireEye, an American cybersecurity company.
“APT40 (Periscope) is a Chinese cyberespionage group that typically targets countries strategically important to China’s ‘Belt and Road Initiative.’ Target countries are concentrated in Southeast Asia or are host to global entities involved in maritime issues, such as shipping or naval technology,” a report issued by the company, titled “M-Trends 2019”, said.
FireEye says that its researchers had concluded with “high confidence” that APT40 was part of China’s online spying operations.
It said the group’s activities dated back to at least January 2013 and its victims included “maritime targets, defence, aviation, chemicals, research/education, government and technology organisations”.
The report said, “We assess with high confidence that APT40 is attributable to Chinese cyber espionage operators based on a variety of factors. APT40 has used Internet Protocol (IP) addresses located in Hainan, China, as well as other locations in mainland China”.
“Additionally, APT40 infrastructure has relied on the use of domain resellers with Chinese contact information. Analysis of the operational times of the group’s activities indicates that it is probably centred around Beijing time (UTC +8),” it added.
The FireEye report said that APT40’s activities lessened after September 2015, when Chinese President Xi Jinping reached an agreement on cybersecurity with former US president Barack Obama. However, a recent surge has been registered since December 2017.
Although APT40 has attracted the attention of international security agencies, the report said the group is expected to remain active.