A sophisticated hacker group believed to operate from China has been running a coordinated, long-running cyber-espionage campaign, tracked as 'APT30', that includes tooling designed to reach air-gapped systems, according to researchers at FireEye.
The researchers reported the campaign in a white paper entitled APT30 and the Mechanics of a Long Running Cyber Espionage Operation (PDF), warning that the attacks have successfully infiltrated numerous targets over the past 10 years.
"APT30 predominantly targets entities that may satisfy government intelligence collection requirements. The vast majority of APT30's victims are in Southeast Asia," read the paper.
"Much of their social engineering efforts suggests the group is particularly interested in regional political, military and economic issues, disputed territories, and media organisations and journalists who report on topics pertaining to China and the government's legitimacy."
The group reportedly gains its initial foothold through targeted phishing emails, then deploys a mature set of attack tools and backdoors that it has developed and maintained over the past 10 years.
"Although APT30 has used a variety of secondary or supporting tools over the years, their primary tools have remained remarkably consistent over time, namely the backdoors Backspace and Neteagle, and a set of tools believed to be designed to infect air-gapped networks via infected removable drives," read the report.
FireEye highlighted the group's long-running success with essentially the same attack strategy and infrastructure as particularly troubling, since it implies the approach has gone largely undetected or unchallenged.
"Typically, threat groups who register domains for malicious use will abandon them after a few years. APT30, however, has used some of their domains for more than five years," read the report.
"For such a long operational history, APT30 appears to have conducted their activity using a surprisingly limited number of tools and backdoors.
"One reason for this might be that they have had no need to diversify or add to their arsenal if they have been successful with their current approach."
The white paper said that, while attribution is always difficult, evidence suggests that APT30 may be sponsored by the Chinese authorities.
"Such a sustained, planned development effort, coupled with the group's regional targets and mission, leads us to believe that this activity is state sponsored, most likely by the Chinese government," read the report.
APT30 is one of many threat campaigns believed to have links to the Chinese government.
Google announced plans to stop recognising certificates served by the China Internet Network Information Centre (CNNIC), following reports in late March that certificates issued under the body's authority had been misused to create bogus certificates that could be used to target Mac, Windows and Linux users.
The Chinese government has consistently denied the claims, arguing that "cyber crime is a global problem".
The report comes at the same time as reports that the US government has blocked Intel from supplying chips to the Chinese government for a supercomputer, amid fears that it would be used for nuclear research.