Beijing May Have Been Spying on India’s Defense Industry for a Decade

China’s government is probably behind an anonymous group that has been cyber-spying on Indian companies and officials for close to decade now, American security experts say.

The group, dubbed “APT30″ in a report published by cyber security firm FireEye on April 13, primarily targets businesses, governments and military operations in India and other ASEAN (Association of Southeast Asian Nations) countries. Other targets include South Korea, Vietnam and Malaysia—all countries China has territorial disputes with in the South China Sea.

“The malware revealed a decade-long operation focused on targets—government and commercial—who hold key political, economic, and military information about the region,” FireEye said in its report. “Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state sponsored—most likely by the Chinese government.” The group has been particularly active around ASEAN summits, FireEye said, and also targets journalists who cover the region.

The report comes just weeks before India’s prime minister Narendra Modi is expected to visit China in May. Much of the cyber-spying done by the Chinese in India has been related to defence and military materials, FireEye said. APT30 managed to plant its malware in an Indian aerospace company as well as an Indian telecommunications firm, the report said.

“In particular, a number of spear phishing subjects have related to Indian aircraft carrier and oceanographic monitoring processes, which probably indicates a specific interest in naval and maritime themes around Indian military activity and disputes in the South China Sea,” the report said.

Spear phishing is defined by cyber security firm Kaspersky as:

n email scam with the sole purpose of obtaining unauthorised access to sensitive data. Unlike phishing scams, which cast broad, scatter-shot attacks, spear phishing hones in on a specific group or organisation. The intent is to steal intellectual property, financial data, trade or military secrets and other confidential data.

Modus operandi

Using malware nicknamed Backspace and Neteagle by FireEye, and related tools the security firm dubbed Shipshape, Spaceship and Flashflood, APT30 gains access to files across political, military, and economic affairs of various countries.

“We have observed APT30 target national governments, regionally based companies in ten industries, and members of the media who report on regional affairs and Chinese government issues,” FireEye said.

(Related: China’s Island-Building Spree Is About More Than Just Military Might)

Beijing’s cyber spying activities have come under increasing scrutiny from internet security firms and foreign governments.

In 2011, cyber security firm McAfee said that a campaign called Shady Rat, which originated from China, had attacked Asian governments and institutions, among other targets. In November 2014, the US charged five Chinese military officers with cyber-spying on American companies to steal trade secrets.