Two government agencies in Hong Kong attacked by hackers, US firm says

American network security company believes perpetrators were mainland group which carried out cyberattacks for political reasons

PUBLISHED : Friday, 02 September, 2016, 9:58pm
UPDATED : Saturday, 03 September, 2016, 2:48am

Two Hong Kong government agencies were victims of cyberattacks by a “sophisticated” group of mainland hackers last month, a US network security firm has suggested.

The attacks, which came ahead of the Legislative Council elections on Sunday, were said to be “certainly” politically motivated, judging from the targets, which were not identified.

The Office of the Government Chief Information Officer confirmed the incident, but insisted operations of the concerned departments were not affected and that no information was leaked.

Hacking tools stolen from NSA show Chinese cyberfirms were targeted, experts say

A report carried by Bloomberg on Thursday quoted computer security company FireEye as saying that malware – short for malicious software – was detected to have infiltrated the network of two Hong Kong government agencies. It is believed that a group of high-level mainland hackers known as APT 3 was behind the attacks, which happened on “at least three occasions”.

Using a method called “spear phishing”, the hackers sent out emails purporting to show a hyperlink of a report on the election results. Once accessed, the link would direct the user to a domain which contained the malware.

John Watters, president of FireEye’s subsidiary iSIGHT, said the attacks were certainly politically driven, but refused to name the agencies. He said: “What it appears to be is an opportunity to gain information without having the transparency of having to make a request.”

A spokesperson for the Office of the Government Chief Information Officer confirmed two government departments received phishing emails early last month. “Relevant security measures have been taken to block the suspicious emails,” the statement added. “The systematic operations of the concerned departments were not affected, and we have not received reports of information leaks.”

While the office was unable to provide statistics on such attacks, it said a “comprehensive” set of guidelines has been formulated to safeguard government networks, and that it would stay vigilant and defend against security hacks.

Though iSIGHT has tracked APT 3 for five years, it has been unable to draw any connection to the Chinese government as some have suggested.