Thanks for signing up, a member of the Global PR team will be in touch with you shortly.
"This APT (advanced persistent threat) malware appears to be tightly linked to the dispute and legal proceedings between the Philippines and China about the South China Sea," says Erka Koivunen, Cyber Security Advisor at F-Secure. "Not only are the targeted organizations all related to the case in some way, but its appearance coincides chronologically with the publication of news or events related to the arbitration proceedings."
Targeted organizations identified in the report include the Department of Justice of the Philippines, which has been involved in the case filed by the Philippines against China; the organizers of Asia-Pacific Economic Cooperation (APEC) Summit, which was held in the Philippines in November 2015; and a major international law firm.
NanHaiShu is spread via carefully crafted spear phishing emails that contain industry-specific terms relevant to each of the targeted organizations, indicating the emails were deliberately designed with the exact targets in mind. The email's attached file contains a malicious macro that executes an embedded JScript file. Once installed on a machine, NanHaiShu sends information from the infected machine to a remote server, and is able to download any file the attacker wishes.
The technical analysis exposed the malware's notable orientation toward code and infrastructure associated with developers in mainland China. Owing to that, and to the fact that the selection of organizations targeted for infiltration are directly relevant to topics that are considered to be of strategic national interest to the Chinese government, F-Secure researchers suspect the malware to be of Chinese origin.
"If in fact our researchers' suspicions are correct, it could be that the Chinese were using cyber espionage to gain better visibility into the legal proceedings," says Koivunen.
For more details see the full report, NanHaiShu: RATing the South China Sea.
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
Sign up for media information from F-Secure.
Browse through our news by year.
Browse through our news by category.