The Mechanics of a Long-Running Cyber Espionage Operation
FireEye recently released a report called "APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION". The report focuses on a targeted threat group that we call APT30 (Advanced Persistent Threat group 30) and details how this cyber-threat group compromised governments and commercial entities across India and Southeast Asia for over a decade.
APT30 is noted for sustained activity, and also for successfully maintaining the same tools, tactics, and infrastructure since at least 2005.
Highlights of the report:
- APT30's consistent long-term mission: Data theft for political gain
- Group has a structured and organized workflow, illustrative of a collaborative team environment
- Identifies and steals documents, especially documents that may be stored on air-gapped networks
- APT30's targets align with Chinese Government interests and focus on India & Southeast Asia
- Pursues members of the Association of Southeast Asian Nations (ASEAN)
- Consistently uses regional security and political themes