A US-based cybersecurity firm said late Wednesday that it had discovered that Chinese state-sponsored hackers targeted military and civilian organizations in several Southeast Asian countries, particularly those with similar territorial claims or strategic infrastructure projects.
The Insikt Group, the threat research arm of Massachusetts-based Recorded Future, says Malaysia, Indonesia and Vietnam were the three most targeted countries over the past nine months. The state-sponsored hackers also targeted several other countries, including the Philippines, Laos, Cambodia, and Thailand, the report said.
According to Insikt Group, the intrusion campaigns almost certainly support key strategic aims of the Chinese government, including gathering intelligence on countries involved in the South China Sea territorial disputes or projects and countries strategically important to the Belt and Road Initiative.
The report said the hackers targeted Thailand and Malaysia’s prime ministers’ offices, their foreign affairs ministries, as well as their militaries. According to Insikt, more than 400 unique servers in Southeast Asia communicated with infected networks likely controlled by state-sponsored actors in China.
Chinese state-sponsored hackers called Activity Group 16
The company doesn’t have any insight into the specific data the hackers may have obtained. The group attributes most of this activity to a Chinese state-sponsored entity it calls Threat Activity Group 16.
“We also found evidence that suggests TAG-16 is linked to the People’s Liberation Army (PLA)-linked activity group Red Foxtrot,” the report said. All participating countries were notified by Insikt in October.
Insikt’s findings were dismissed by China.
Wang Wenbin, a spokesman for the Chinese Foreign Ministry, said Thursday at a regular news conference in Beijing that the ministry opposes disinformation spread for political purposes to mislead the international community.
In September this year, Recorded Future reported that Chinese state-sponsored hackers were believed to have accessed a national identification database controlled by the Indian government and likely stolen information.
Insikt reported in May that it detected suspected Chinese state-sponsored intrusions into Laos’s telecom, government, and state-owned businesses. According to the report, the Lao National Committee for Special Economic Zones and the National Enterprise Database had been targeted. This month, Laos opened a new railway linking the country with southern China, built by the Chinese.
China’s cyber-espionage program
Security experts said the Cambodian foreign ministry along with the country’s only international and commercial deep seaport, Sihanoukville Autonomous Port, were targeted in September.
According to the Insikt group, “China’s cyber-espionage program remains unrivalled because of the large number of distinct actors with distinct operational tasks within specific geographical regions.” The report cited “many PLA Strategic Support Forces and Ministry of State Security (MSS)-linked threat activity groups.”
In an online briefing Thursday, speaking for the Ministry of Foreign Affairs, Le Thi Thu Hang declined to discuss the report’s specifics, but said the government “always pays close attention to this issue and has issued various guidelines, policies, and measures in this respect”. “We are ready to cooperate with the international community on this matter,” she added.
According to Bloomberg, Delfin Lorenzana, Philippine defence secretary, is unaware of any recent cyberattacks carried out on the country’s navy and has asked intelligence officials to investigate. Other countries did not immediately react to the report.