INSUBCONTINENT EXCLUSIVE:
By Alexander J Martin, technology reporter, Deborah Haynes, foreign affairs editor A cyber spy group "likely" linked to the Chinese state
has targeted human rights campaigners working on issues about the country for up to five years, a new report claims.The espionage group,
dubbed Bronze President, deployed malware against its alleged victims to monitor their activities and steal documents, according to the
assessment released on Sunday by Secureworks, a US-based cyber security company.One of the alleged targets is understood to be a human
rights group that has raised concerns about the treatment of hundreds of thousands of Uighur and other Muslim minorities in China
It has also written about pro-democracy activists in Hong Kong.Image:There have been allegations of mass detentions of Uighur muslims in
China - long denied by the stateThe non-governmental organisation (NGO) asked not to be named in relation to the report.Secureworks said it
was aware of a "handful" of NGOs that it believes had been targeted but that the number could be higher
The security company has been helping some of the alleged targets deal with the cyber attack and understand more about it."The motivation
for going public with this particular report is that the nature of the victims has a real human element to it," said Mike McLellan, a threat
intelligence expert at Secureworks.Image:Mike McLellan believes Bronze President is either based in, or tolerated by, China"A lot of these
organisations are working in very dangerous environments, they are talking to individuals on the ground, they are having to take the
personal information about those individuals and protect it," he said."We really wanted to make sure other organisations in the NGO-sphere
are aware of the [cyber espionage] campaign and are able to check and see whether they may have been affected as well
The impact of this going unnoticed could be very significant for those organisations and the people they work with."As well as NGOs, the
cyber spies also allegedly targeted law enforcement agencies and political entities operating in countries surrounding China, including
India and Mongolia, according to the report.Secureworks said its researchers had been observing the activities of the cyber espionage group
since the middle of 2018 but the campaign could have begun as far back as 2014."It is highly likely that Bronze President is based in the
[People's Republic of China] PRC," the report said.This conclusion was based on the fact that the NGOs allegedly targeted all "conduct
research on issues relevant" to Beijing as well as "strong evidence" linking the spy group's infrastructure to entities within China, the
document claimed.Another factor was "connections between a subset of the group's operational infrastructure and PRC-based internet service
providers", it said.Image:One of Bronze President's apparent targets was a human rights group that asked not to be identifiedIn addition,
Secureworks said tools used by the cyber attackers "have historically been leveraged by threat groups operating in the PRC".The report
concluded: "It is likely that Bronze President is sponsored or at least tolerated by the PRC government
The threat group's systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups."Mr
McLellan, a director in the cyber intelligence cell of Secureworks' counter threat unit, said the company was "as confident as we can be
that China is responsible for this campaign and these attacks".He said a possible factor in the decision to target the NGOs could have been
the work they were doing on issues related to Hong Kong - which has been consumed by anti-government protests - as well as on China's Uighar
Muslim minority.Violence erupts in HK shopping centre"I think the Chinese government will try and gather information around those kind of
events," Mr McLellan said
"It will want to understand how opponents are thinking, how regional partners might be thinking and one of the ways they will do that is go
out and try to gather information through means such as cyber attacks… I think there's every chance those kind of real world events are
all tied up with the same campaign that we've seen here."Secureworks said its researchers found malware they had not seen before when
investigating the alleged actions of the cyber spy group.This suggests it may be able to develop its own capabilities rather than just rely
on widely available malware, according to the report
The attackers allegedly used a combination of widely available cyber tools as well as what appear to have been their own kit to gain access
to the networks of their alleged victims.After compromising a computer network "what they have been doing is stealing information", Mr
McLellan said."They have been going after in particular documents - so power point presentations, word documents, those kind of things -
that would give some insight, we concluded, into the work of those organisations particularly in relation to China," he said."The intent
here has been information theft."Sky News has approached the Chinese embassy in London and China's foreign ministry for a response to the
