Hackers appearing to come from China covertly attacked Malaysian government computers and stole classified information in the early days of the search for missing airplane MH370, a new report has claimed.
Amirudin Abdul Wahab, CEO of government agency CyberSecurity Malaysia, told local paper The Star that officials in the Department of Civil Aviation, the National Security Council and Malaysia Airlines were among those targeted.
“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” Amirudin is quoted as saying.
“Those e-mails contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation.”
The incident has all the hallmarks of a classic targeted attack.
Victims were apparently targeted with an email containing a malicious PDF attachment.
The attackers used social engineering techniques to persuade the victims to open the attachment, in this case a news article claiming that the stricken Boeing 777 had been found.
Around 30 PCs were infected by the malware, which exfiltrated data and sent it back to an IP address in China.
Officials suspect MH370 was the motivation for the attack as the spearphishing emails were sent on March 9, a day after the airplane disappeared and at a time when the Malaysian government was being accused of not sharing enough information on the incident.
“This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack,” said Amirudin.
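As an added example (not code from the article or from CyberSecurity Malaysia), this is the kind of network-side check a defender could run over mail-gateway logs for the symptom Amirudin describes: workstations suddenly pushing out many or large e-mails, which shows up even when endpoint antivirus misses the malware. The log format, host names and thresholds are assumptions.

```python
"""Added example, not from the article: flag hosts whose outbound e-mail
volume spikes, the symptom described above. Log format and host names are
constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway log: timestamp, internal host, recipient domain, bytes.
SAMPLE_LOG = """\
2014-03-09T09:00:12 ws-dca-07 example-partner.gov.my 0
2014-03-09T09:01:45 ws-dca-07 example-partner.gov.my 24576
2014-03-09T09:02:03 ws-nsc-12 mail-drop.example 1048576
2014-03-09T09:02:09 ws-nsc-12 mail-drop.example 2097152
2014-03-09T09:02:15 ws-nsc-12 mail-drop.example 1572864
2014-03-09T09:02:21 ws-nsc-12 mail-drop.example 3145728
2014-03-09T09:02:27 ws-nsc-12 mail-drop.example 1310720
2014-03-09T09:02:33 ws-nsc-12 mail-drop.example 2621440
2014-03-09T09:45:00 ws-dca-07 example-partner.gov.my 0
"""

def parse_log(text):
    """Yield (timestamp, host, domain, size) tuples from the log text."""
    for line in text.splitlines():
        if line.strip():
            ts, host, domain, size = line.split()
            yield datetime.fromisoformat(ts), host, domain, int(size)

def flag_exfil_hosts(events, window=timedelta(minutes=5),
                     max_msgs=5, max_bytes=5 * 1024 * 1024):
    """Return {host: (msg_count, total_bytes)} for hosts exceeding either
    threshold within a sliding window; a workstation rarely does so."""
    per_host = defaultdict(list)
    for ts, host, _domain, size in events:
        per_host[host].append((ts, size))
    flagged = {}
    for host, msgs in per_host.items():
        msgs.sort()
        start = 0
        for end in range(len(msgs)):
            # Advance the window start so all messages fall within `window`.
            while msgs[end][0] - msgs[start][0] > window:
                start += 1
            count = end - start + 1
            total = sum(size for _, size in msgs[start:end + 1])
            if count > max_msgs or total > max_bytes:
                flagged[host] = (count, total)
                break  # one hit per host is enough to raise an alert
    return flagged
```

In the constructed sample, ws-nsc-12 trips the byte threshold on its fourth message within 30 seconds, while ws-dca-07's three messages spread over 45 minutes stay under both limits.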
Of course, attribution is always difficult in these cases, and Beijing could always claim that those behind the attack merely routed the data through compromised machines in China in order to hide their true location.
In fact, new honeypot-based research from Alert Logic this week claimed that the majority of attacks against APAC countries, including Malaysia, actually came from the US (63%) during the period studied.
China and Japan came second, accounting for 15% each of attack traffic.