Chinese Cyber Espionage Targets South China Sea Energy Companies

A cybersecurity analytics firm believes that a Chinese cyber espionage campaign targeting the South China Sea has affected energy companies in the region.

A recent report from ThreatConnect Inc. and Defense Group Inc. (DGI), "Project CAMERASHY: Closing the Aperture on China’s Unit 78020," documents the Chinese People’s Liberation Army (PLA) cyber espionage campaign to gain the upper hand in the geopolitical standoff in the South China Sea. The PLA orchestrated this effort through an Advanced Persistent Threat (APT) group called Naikon.

For nearly five years, PLA Unit 78020 used an array of global midpoint infrastructure to proxy the command and control of customized malware variants embedded within malicious attachments or document exploits. Targets of the PLA’s campaign have included the governments of Cambodia, Indonesia, Laos, Malaysia, Nepal, the Philippines, Singapore, Thailand and Vietnam, as well as international organizations such as the United Nations Development Programme and the Association of Southeast Asian Nations.

ThreatConnect believes that regional energy companies also have been affected, given Unit 78020’s capabilities and infrastructure, themes and naming conventions observed in their campaigns, as well as observations from others in the industry, Rich Barger, CIO and co-founder of ThreatConnect, told Rigzone in an email statement.

“But, this is bigger than just one advanced persistent group or one regional campaign,” Barger explained. “Many APTs are targeting oil and gas companies as well as their supply chain. Energy is strategic to every nation. So, it is not surprising that China would leverage a network exploitation to obtain an upper hand in oil and gas block releases and development, extraction technology or contract negotiations.”

The campaign’s strategic implications for the United States include cyber threats not only against military alliances and security partnerships in the region, but risks to interests in a major artery of international commerce, through which trillions of dollars in global trade moves each year, ThreatConnect said in a Sept. 24 press statement.

ThreatConnect and DGI based their assessment not only on technical analysis of Naikon threat activity, but also on native-language research on a PLA officer within the unit named Ge Xing.

