Suspected Chinese malware used to spy on PH gov't – security firm

Metro Manila (CNN Philippines) — The maritime dispute in the South China Sea has been decided by the arbitration court in favor of the Philippines — but now it seems the sea spat has been taken to cyber space.

Finland-based web security company F-Secure claimed on Thursday it has found malware targeting the confidential information of government and private organizations, including the Philippines' Department of Justice.

The organizers of the Asia-Pacific Economic Cooperation (APEC) Summit held in Manila last November and an unnamed prominent international law firm, which represented the Philippines during the arbitration case, were not spared from the cyber attack.

The malicious program is dubbed "NanHaiShu" (南海鼠), which translates to "South China Sea rat" in English. F-Secure suspects it to be of Chinese origin.

The Remote Access Trojan (RAT) is disguised as an innocent file, usually sent through an email. But once opened, it releases a virus into the victim’s computer, gathering and sending back information to the attacker.

F-Secure said the timing of the attacks pointed to all of them being politically motivated.

"They occurred either within a month following notable news reports related to the dispute, or within a month leading up to publicly-known political events featuring the said issue," F-Secure said in a published 16-page whitepaper.

F-Secure said it stumbled upon the NanHaiShu malware when it explored the web security environment ahead of the Manila APEC Summit. They traced the malware’s history and found variants that coincided with developments in the dispute and milestones in Manila’s arbitration case against Beijing. The recorded attacks spanned late 2014 to March 2016.

F-Secure Threat Intelligence Team Senior Manager Mina Aquino said on Friday that, based on the organizations targeted, the attacker was most likely the Chinese government.

Was confidential Philippine data compromised?

Aquino said several targets of the "cyber espionage" attack were successfully breached.

"The attackers were able to gain access to confidential information — that includes documents or could-be political secrets," she said.

NBI on it

National Bureau of Investigation Cybercrime Division Chief Ronald Aguto Jr. said they are looking into the published report. Aguto only found out about the reported threat after CNN Philippines asked him for comment.

CNN Philippines has also asked the Chinese Embassy for comment. It has yet to respond.

Aquino said her team, composed of three Filipinos and three Finns, felt strongly about the case and they are out to find out who was truly behind the cyber attacks.