Is this China’s digital riot police?
A “particularly remarkable advanced persistent threat” has been compromising websites in Hong Kong and Japan for months, according to Volexity.
The pro-democratic sites that have been infected include “Alliance for True Democracy – Hong Kong” and “People Power – Hong Kong” along with several others identified with the Occupy Central and Umbrella Revolution student movements behind the massive protests against the Chinese government. Visitors to the sites are being targeted by malware designed for “exploitation, compromise, and digital surveillance”.
In an analysis on our Labs Blog, Micke notes that it’s possible that cybercriminals could be simply piggybacking on the news without any political motivation. However, the Remote Access Trojans (RATs) being used could provide serious advantages to political opponents of the movement.
“A lot of the visitors on these sites are involved in the movement somehow, either as leaders or at grassroot level,” he writes. “Their enemy could gain a lot of valuable information by planting RATs even in a small fraction of these peoples’ devices.”
And even if leaders aren’t compromised, the publicity around the attack will drive users away from the sites. This is a tactic that would definitely benefit those who want to see these protests end ASAP. And it would be a far more effective tactic if not for social networks like Twitter that can be accessed to plan resistance, even if the government blocks them — as long as you have a VPN solution like our Freedome.
If the goal is to cripple the protests by targeting protesters, “you don’t have to be a genius to figure out that China is the prime suspect,” Micke writes.
The significance of a state-sponsored RAT attack — or even a state-condoned attack carried out by privateers — would be immense.
Criminals use malware to target individuals, businesses and governments themselves. Government-sponsored cyberattacks on citizens practicing civil disobedience could be considered an escalation beyond even likely government-sponsored surveillance malware like Flame, which forces businesses to consider malware attacks from their own governments.
Over the last year we’ve learned just how far suspicious governments will go to play defense against internet users who haven’t been accused of any crime. Now we’re seeing hints that a government may be willing to play offense too.
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
March 22, 2018