In the report the company said that the attacks have been designed to glean intelligence, likely from classified government networks and other sources, pertaining to political and military issues such as disputes over the South China Sea.
Some of the cyberattacks have taken the form of specially crafted emails, written in recipients’ native languages, with documents that appear legitimate but contain malware, the report said.
The attackers focused not only on governments, but on ASEAN itself, as well as corporations and journalists interested in China. Other targets included Indian or Southeast Asian-based companies in sectors such as construction, energy, transport, telecommunications and aviation.
The Milpitas, Calif.-based FireEye said the hacking efforts are remarkable because of their duration—noting some elements have been in place since 2005 and stand out because of their geographic focus.
China has been accused before of targeting countries in South and Southeast Asia. In 2011, researchers from McAfee reported a campaign dubbed Shady Rat which attacked Asian governments and institutions, among other targets.
The problem is not new; Singapore has reported sophisticated cyber-espionage attacks on civil servants in several ministries dating back to 2004.