A recent report from FireEye reveals details about a hacker group, APT 30, which has been active for nearly a decade but was never considered a major threat. Reports, however, suggest that this seemingly insular group, which works within its own network without collaborating much with similar external entities, is now capable of attacking air-gapped networks too.
The group is designated APT 30 (Advanced Persistent Threat 30) and has traditionally been considered a low-profile group that mainly uses primitive tools and techniques in its attacks. News of the group acquiring techniques for attacking air-gapped networks is certainly something to worry about.
The term air-gapped refers to networks that are isolated from the Internet in order to reduce the likelihood of cyber threats reaching them. Governments typically use such networks to store classified and sensitive information.
It is not confirmed, but it seems likely that this group is sponsored by China, since its main targets include Southeast Asian countries and India, with a particular interest in Indo-China border issues. This is sufficient to raise strong suspicions about the powers behind the group.
As far as the attack methodology is concerned, air-gapped systems and networks are targeted with worm-like malware that copies itself onto removable hardware such as USB thumb drives and external hard disks. Once such a device is connected to a system on the isolated local network, the infection is able to spread.
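The defensive counterpart to the propagation technique described above is to inspect removable media before it is connected to an isolated network. The following Python script is an added example, not code from the article or from FireEye's report: it walks a mounted volume read-only and reports the artifacts a removable-media worm typically leaves behind (an autorun.inf, bare executables, and executables disguised as documents with a double extension). The extension lists and the constructed sample volume are assumptions made for this example.

```python
"""Audit a removable-media volume for artifacts that worm-style malware
leaves when it uses USB drives to bridge an air gap. Read-only check:
nothing on the volume is opened for execution or modified.
Added example; the extension lists are a hypothetical, non-exhaustive choice.
"""
import tempfile
from pathlib import Path

# Extensions Windows will execute when double-clicked (hypothetical list).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll"}
# Document extensions commonly imitated in masquerade names such as report.pdf.exe.
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg"}


def audit_removable_volume(root):
    """Walk `root` and return a sorted list of (relative_path, reason) findings."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffixes = [s.lower() for s in path.suffixes]
        if path.name.lower() == "autorun.inf":
            # Autorun files are the classic trigger for removable-media worms.
            findings.append((rel, "autorun.inf present"))
            continue
        if suffixes and suffixes[-1] in EXECUTABLE_EXT:
            if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXT:
                # e.g. report.pdf.exe: a document-looking name hiding an executable.
                findings.append((rel, "executable masquerading as document"))
            else:
                findings.append((rel, "executable on removable media"))
    return sorted(findings)


def build_sample_volume():
    """Create a constructed sample volume in a temporary directory.

    The files are placeholders (constructed for this example), not real malware:
    two benign documents, an autorun.inf, a masquerading executable and a
    plain executable in a subfolder.
    """
    vol = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    (vol / "notes.txt").write_text("meeting notes\n")
    (vol / "budget.xlsx").write_bytes(b"PK\x03\x04 placeholder")
    (vol / "autorun.inf").write_text("[autorun]\n")
    (vol / "report.pdf.exe").write_bytes(b"MZ placeholder")
    (vol / "tools").mkdir()
    (vol / "tools" / "setup.exe").write_bytes(b"MZ placeholder")
    return vol


if __name__ == "__main__":
    sample = build_sample_volume()
    for rel_path, reason in audit_removable_volume(sample):
        print(f"{reason:40s} {rel_path}")
```

Run it against a real mount point (for example `audit_removable_volume("/media/usb0")`) from a dedicated scanning host, not from a machine inside the isolated network; the point is to catch the carrier before it ever touches an air-gapped system.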
The report also suggests that, although this has only recently been discovered, the group has been working along these lines since its inception, possibly as far back as 2005. The tools used by the group have generally been simplistic, such as malicious code delivered in email attachments.
Initially the group only targeted networks with weak security policies and hence was not given much importance by security organizations and experts. With the latest developments, however, it is time to take APT 30 more seriously and ensure that measures are taken to safeguard against such attacks.
National security is a vital issue and can have drastic implications at both the domestic and the international level. It is best for governments to nip such evil in the bud and try to eradicate any possible outbreaks. Governments sponsoring sophisticated malware for cyber-espionage efforts must also exercise extreme caution: there is a good chance the tools and techniques will be reverse-engineered and turned against them, or used in attacks against the general public.