CNN Philippines reports that Finland-based security company F-Secure claimed on Thursday to have found nasty Chinese-made malware spying on “confidential information of government and private organizations, including the Philippines’ Department of Justice.” That can’t be good.
The cyber attacks even targeted the organizers of last year’s Manila-held Asia-Pacific Economic Cooperation (APEC) and an unnamed international law firm which represented the Philippines during the arbitration case.
The malware called “NanHaiShu” (“South China Sea rat”), is a Remote Access Trojan (RAT), designed to steal information from its victims. RATs are usually disguised as normal files and are spread via emails. Once opened, they infect the victim’s system and begin their cycle of gathering and sending information back to the malware creator.
F-Secure remarked that the malware occurrence was politically-motivated, considering the current geopolitical situation between China and the Philippines. They added that they discovered the malware while exploring the web security environment ahead of the earlier Manila APEC Summit. They then traced the malware’s variants and found that their release dates coincided with certain milestones in the arbitration case between the Philippines and China.
F-Secure Threat Intelligence Team Senior Manager Mina Aquino said on Friday that based on the targets, the perpetrators were most likely the Chinese government. “The attackers were able to gain access to confidential information. That includes documents or could be political secrets,” she added.
NBI’s Cybercrime Division Chief Ronald Aguto Jr. said that an investigation into the alleged malware-driven breaches is underway.