China suspected of hacking South China Sea arbitration

Newly discovered malware targeted parties involved with the dispute between China and the Philippines over the South China Sea, researchers announced Thursday.

The antivirus firm F-Secure found samples of the malware, which could be used to spy on a victim's computer, among other functions, in the Philippines's justice department, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an “international law firm representing one of the involved parties.” 


“Based on the specific selection of organizations targeted for attack by this malware, as well as indications revealed in our technical analysis of the malware itself, we believe the threat actor to be of Chinese origin,” F-Secure wrote in the report. 

In July, an international tribunal sided with the Philippines over which nation controlled certain territory in the South China Sea. China boycotted the proceedings and ignored the ruling.

F-Secure is calling the malware, a remote-access Trojan, “NanHaiShu.”

"Not only are the targeted organizations all related to the case in some way, but its appearance coincides chronologically with the publication of news or events related to the arbitration proceedings," said Erka Koivunen, a cybersecurity adviser at F-Secure, in a statement. 

The malware infected computers through Microsoft Office documents sent through highly targeted spear-phishing emails. One infected file, “DOJ Staff bonus January 13, 2015.xls,” was sent a month after the arbitration tribunal put out a major press release. Others came at major deadlines for both countries.

Microsoft Office does offer a way to prevent malicious files like those NanHaiShu relied on from executing — users can disable macros, a feature that allows certain automation.