Apparent link between APT and DDoS attacks against protestors in Hong Kong

Since September, pro-democracy protestors in Hong Kong have been targeted with malicious mobile applications, and as the situation escalates, DDoS attacks have now been launched against websites supporting the pro-democracy movement. This past month has seen Next Media's Apple Daily system severely impacted and online sources report that at least one member of HKGolden, a popular online forum, was arrested for posting messages encouraging support for the OccupyCentral pro-democracy movement.

An investigation by FireEye revealed an overlap in the tools and infrastructure used by China-based advanced persistent threat (APT) actors and the DDoS attack activity. Previous APT activity, including Operation Poisoned Hurricane, would appear to be linked to the recent DDoS attacks, FireEye writes on its blog, revealing “the potential relationships, symbiosis and tool sharing between patriotic hacker activities designed to disrupt anti-government activists in China, and the APT activity we consistently see that is more IP theft and espionage-focused.”

“While not conclusive,” they continue, “the evidence presented above shows a link between confirmed APT activity and ongoing DDoS attacks that appear to be designed to silence the pro-democracy movement in Hong Kong.” Noting that there is no proof that the attackers are the same, the indication is such that a “common quartermaster” might exist in support of both the DDos attacks and the constant disruptive action, and that the Chinese government is the “entity most likely to be interested in achieving both of these objectives.”