How hackers used this Trojan malware to spy on a territorial dispute

Hackers have used targeted malware to steal data from some of the governments and private sector organisations involved in the dispute over territory and sovereignty in the South China Sea.

Cybersecurity company F-Secure Labs uncovered the malware, dubbed NanHaiShu by researchers, which it said targeted the Philippines Department of Justice, a major international law firm involved in the South China Sea case, and the organisers of November 2015’s Philippines-based Asia-Pacific Economic Cooperation (APEC) Summit.

Erka Koivunen, cyber security advisor at F-Secure, said the NanHaiShu campaign is particularly sophisticated in nature.

“This isn’t an ordinary, run-of-the-mill opportunist piece of malware, but something that somebody has put some thought into and effort into, running a campaign with a selected group of organisations and individuals that are being targeted.”

NanHaiShu is a remote access Trojan which is able to send any information from an infected machine to a remote command and control server with a Chinese IP address. All the machines targeted by the malware are within organisations that hold data on topics considered to be of strategic national interest to the Chinese government.

F-Secure suspects that the malware was being used to gain better visibility of the legal proceedings around the South China Sea arbitration.

“The finger points to the government of China, which would benefit from having a malware campaign against these targets,” Koivunen claimed. China has consistently denied hacking other nations, and instead accuses others of launching espionage and hacking attacks against it.

Given the data targeted for extraction by NanHaiShu is so sensitive and stored within organisations that, in theory, should be highly secure, how were hackers able to break into the networks, steal information, and remain undetected by victims?

http://www.zdnet.com/article/how-hackers-used-this-trojan-malware-to-spy-on-a-territorial-dispute/