Chinese hackers targeted South-east Asian nations, says report from cybersecurity firm

[SINGAPORE] Chinese hackers this year targeted military and civilian organisations in several South-east Asian nations, particularly those with similar territorial claims or strategic infrastructure projects, suggesting the involvement of the state, a US-based said in new research released late Wednesday (Dec 8).

Malaysia, Indonesia and Vietnam were the top 3 targeted countries over the past 9 months, said the Insikt Group, the threat research arm of Massachusetts-based Recorded Future. The hackers also took aim at several other countries, including the Philippines, Laos, Cambodia and Thailand, it said.

"The identified intrusion campaigns almost certainly support key strategic aims of the Chinese government, such as gathering intelligence on countries engaged in South China Sea territorial disputes or related to projects and countries strategically important to the Belt and Road Initiative (BRI)," Insikt Group said in its report.

The hackers focused on the offices of the Thai and Malaysian prime ministers, the foreign affairs ministries of Indonesia and Malaysia, as well as their militaries, it said. Insikt said it identified over 400 unique servers in South-east Asia communicating with infected networks that were likely linked to Chinese state-sponsored actors, adding that it did not have any insight into the specific data that might have been obtained. The group attributed much of the activity to a Chinese state-sponsored entity it has labelled Threat Activity Group 16 (TAG-16).

"We also identified evidence suggesting that TAG-16 shares custom capabilities with the People's Liberation Army (PLA)-linked activity group RedFoxtrot," it said. Insikt said it notified all the countries involved in October.

China brushed aside Insikt's findings. "We oppose the spread of disinformation for political purposes to mislead the international community and sow discord between regional countries," Chinese Foreign Ministry spokesman Wang Wenbin said on Thursday at a regular press briefing in Beijing.

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

China has previously dismissed reporting by Recorded Future, including findings in September this year that Chinese state-sponsored hackers were believed to have infiltrated and likely stolen data from an Indian government agency responsible for a national identification base.

In May, Insikt said it identified suspected Chinese state-sponsored network intrusion activity targeting "telecommunications, government and state-owned organisations with Laos". Both the Lao National Committee for Special Economic Zones and the National Enterprise Database were identified as targets, it said. Laos this month inaugurated a nearly US$6 billion Chinese-built railway linking the country with southern China.

The cybersecurity group said the Cambodian foreign ministry along with the country's only international and commercial deep sea port, Sihanoukville Autonomous Port, were targeted in September.

"The scale and scope of China's cyber espionage programme remains unrivalled, exemplified by the large number of distinct actors with operational taskings within specific geographic regions," Insikt group wrote. Those actors, it said, included "many PLA Strategic Support Force and Ministry of State Security (MSS)-linked threat activity groups".

Vietnam's Foreign Affairs spokeswoman Le Thi Thu Hang did not address the report's specifics, but said in an online briefing on Thursday that the government "always pays close attention to this, and has issued various guidelines, policies and measures to ensure cybersecurity and information safety". She added that the country "stands ready to cooperate with the international community on this matter".

Philippine Defence Secretary Delfin Lorenzana told Bloomberg he did not know of any recent cyberattacks on the country's navy, and would task intelligence officials to look into the matter. Other countries did not immediately react to the report.

BLOOMBERG