The use of the NanHaiShu Remote Access Trojan coincides with events leading to the recent ruling in the Philippines vs. China case.
The world has been undergoing remarkable transformation due specifically to the advancement of the cyber-age. This is due to increasingly strong digital infrastructure as well as the explosion in use of digital devices and technologies. However, it is that very advancement that has opened corporates and even government around the world to heightened scrutiny from cyber criminals.
While some cyberattacks are no doubt being aimed at global supply chains, yet more are becoming very specifically targeted in purpose, being utilised by anyone ranging from hacktivists to hostile governments.
“These groups have learned the layout of the new playing field, and are getting more competent in the way they are bale to exploit the vulnerabilities that corporates and governments are exposed to, due to increasing reliance on automated and digital systems,” said Amit Nath, Head of Asia Pacific, Corporate Business, F-Secure.
Governments under seige
As a strong case example, F-Secure Labs very recently found a strain of malware that appears to be targeting parties involved in the recently decided Philippines vs. China case. This portion of the South China Sea dispute has recently been of high profile, given the favourable ruling towards the Philippines under arbitration provisions of the United Nations Convention on the Law of the Sea (UNCLOS).
The malware itself, dubbed NanHaiShu by F-Secure researchers, is a Remote Access Trojan that allows attackers to exfiltrate data from infected machines. More significantly is what the Malware represents; That geopolitics is just as relevant as ever in the face of threats related to cybersecurity.
According to Nath, the Malware associated with the incident appears to targeted organizations that are related to the case and is specifically designed to do so.
“NanHaiShu was spread using phishing emails and contained content-specific keywords that had the exact targets in mind. The objective of the Malware seemed to be to enable to designers to gain greater insight on status of the legal proceedings in the case,” said Nath.
An F-Secure study released regarding the NanHaiShu incident state that targets included the Department of Justice of the Philippines, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an international law firm representing one of the involved parties.
Cybercriminals evolve, realise true value of information
Nath feels that wherever geopolitical rivalries occur today, so too are cyber exchanges increasingly prevalent. “This is especially true in cases where cyber criminals have the leverage of targeting countries that have cyberspace infrastructure but are weak on governance,” he Nath.
The technical analysis exposed the malware’s notable orientation toward code and infrastructure associated with developers in mainland China. Owing to that, and to the fact that the selection of organizations targeted for infiltration are directly relevant to topics that are considered to be of strategic national interest to the Chinese government, F-Secure researchers suspect the malware to be of Chinese origin.
Although the NanHaiSHu Malware was utilised mainly for intelligence gathering, other such Malware seldom are, and cybercriminals of today have been known to cause operational shutdowns, equipment damage, reputation damage and more.
“These criminals have advanced to the point that they are not only highly competent in terms of their technical ability, but they have even become very uch aware of the real value of their ill-gotten gains,” said Nath.
“They know exactly how to monetize what they steal, and in fact are not beyond even being able to use the information to influence business dynamics,” he said. As an example, Nath mentioned the case where market-sensitive information was stolen from more than 100 companies, to be traded or profits on the stock market.
With these examples, it is clear that cybercriminals of today have become a formidable force and it is only with the aid of highly experienced and skilled cybersecurity professionals such as F-Secure that a semblance of normalcy can be maintained.
For more information on the NanHaiShu Malware, see the F-Secure report at: