New research from FireEye shows that the Asia-Pacific region was twice as likely as the rest of the world to be targeted by advanced persistent threats during 2013.
Leading the way for countries in this region was South Korea, with Japan and Taiwan rounding out the top three. Thailand and Hong Kong were ranked fourth and fifth, respectively.
Attackers also favored certain verticals within the region. The most popular among these were the financial services industry; federal government; high-tech industry; chemical/manufacturing/mining industries; and consulting services.
“According to the 2012 World Intellectual Property Organization (WIPO) report (PDF), which cited global data collected in 2010, three of the top five patent offices are now located in Asia, and they represented more than 45 percent of all patents filed worldwide,” blogged FireEye researchers Geok Meng Ong and Kenneth Geers. “With such a high volume of intellectual property concentrated in the region, Asia is a logical battleground for cyber attacks. Stealing information about an advanced-stage product can allow an unscrupulous competitor to bring a similar product to market at a much lower cost and effort — and at the direct expense of the victim.”
Japan and South Korea in particular saw heavy concentrations of APT malware.
“That two of the most recently discovered zero-day vulnerabilities (CVE-2013-3893 and CVE-2013-3897) have been used in advanced cyber attacks specifically targeted at Japanese and Korean language users is striking,” the researchers noted.
“Zero-day vulnerabilities are often hard to come by, and the frequent use of these exploits against Japan and Korea is an indicator of determined and resourceful attackers, as well as the high value of the information they are extracting from these targets,” they added.
The attackers behind the APT campaigns are using many different tools, the most popular of which include Gh0stRat, Sisproc and DarkComet. In certain countries – such as Japan and South Korea – FireEye spotted more than 30 unique APT families. In North Asia, APT tools like Terminator RAT (also known as FakeM) have been used against Tibetan and Uyghur activists.
“Gh0stRat is one of the most commonly used remote administration tools (RAT) in the world,” the researchers noted. “But we have also found an increased use of malware such as Houdini — a heavily obfuscated VBScript-based RAT that was analyzed by FireEye researchers in a recent blog post.”
“Some APT malware, such as Mirage, has been used for specific purposes in Asia,” the researchers continued. “Threat actors using this malware often employ spear phishing attacks using legitimate decoy documents that are related to a target’s national economy or politics including regional events such as ASEAN summits, Asia-Pacific Economic Cooperation (APEC) summits, energy exploration, or military affairs.”