Hong Kong may be part of China, but that hasn't protected it from Chinese hackers

PUBLISHED : Tuesday, 28 July, 2015, 7:00am
UPDATED : Tuesday, 28 July, 2015, 11:33am

Businesses and institutions in Hong Kong are not exempt from attacks by China-linked hacking groups, as experts warn cyber crime in Asia is on the rise.

Hong Kong is the number one target for hackers in the Asia-Pacific region, with almost 60 per cent of businesses detecting attacks in the second half of 2014, according to US-based cybersecurity firm FireEye.

"Hong Kong offers valuable intelligence," said Grady Summers, FireEye chief technology officer.

"As a regional business hub with large multinationals, Hong Kong offers attackers possible entry points into global networks with valuable information."

While he was quick to point out that China "isn't the only threat actor on the block", Summers said Chinese hacking groups were "the most active in breaching private sector networks for the purposes of intelligence and economic espionage".

In April, FireEye revealed that Chinese hacking groups had been spying on governments undetected in southeast Asia and India for around a decade.

READ MORE: The Chinese forums offering hacking courses for just US$100

Last week, law firm DLA Piper warned that businesses in Asia, and Hong Kong in particular, were complacent about the risk posed by cyber criminals.

"As a region, Asia Pacific is twice as likely to be targeted," said Scott Thiel, a partner at the firm's intellectual property and technology practice.

FireEye found the most commonly targeted industries in the region were government (27 per cent), followed by telecoms (24 per cent) and financial services (16 per cent).

During a speech at the recent RSA cybersecurity conference in Singapore, Summers outlined how Chinese hacking groups that FireEye monitors operate, including sophisticated phishing techniques tailored for individual targets.

Phishing refers to the practice of sending fake emails in order to trick individuals to reveal sensitive data like passwords. Chinese hacking group APT30 used custom news articles on topics such as Nepalese foreign affairs, Bhutan politics, and the development of a new Indian aircraft carrier to target government and business institutions in southeast Asia.

"APT30 is a well-organised group with a long-term mission that represents a regional threat," Summers said.

READ MORE: Not all hackers are bad - a look into the world of Chinese 'white hats'

Another group, APT5, targeted a Japanese software company in March, compromising its web server and posting official seeming malware for customers to download, allowing the hackers to take control of their computers and steal data.

Spending on cybersecurity in Asia-Pacific is expected to hit US$32.95 billion by 2019, according to combined predictions of research firms Visiongain, Gartner and Marketandmarkets.