Chinese Hackers Targeted Government And Private-Sector Entities From Countries Like Malaysia, Indonesia And Vietnam: Report

An American private cybersecurity firm has released a report which revealed that Chinese hackers have been targeting government and private-sector groups across Southeast Asia, especially those closely connected with Beijing on infrastructure development projects.

According to the Insikt Group, a threat research division of Massachusetts-based Recorded Future, specific targets included the Thai Prime Minister's office and army, the Indonesian and Philippine navies, Vietnam's national assembly and Communist Party central office, as well as Malaysia's Ministry of Defense.

The cybersecurity firm stated that hackers, likely state-sponsored, used custom malware families like FunnyDream and Chinoxy to hit the high-profile military and government organisations in Southeast Asia over the last nine months.

The Insikt Group stated that much of the effort was traced to a group that was tracked under the temporary identity Threat Activity Group 16 or TAG-16. Additionally, it said that TAG-16 appears to share custom capabilities with the Chinese People's Liberation Army-linked activity group RedFoxtrot.

The group also noted that the custom tools are not publicly available, as well as are used by several entities suspected to be Chinese state-sponsored, and according to them, the targeting also coincides with the Chinese government's political and economic objectives, supporting the idea that it is state-sponsored. But the Chinese authorities have previously denied any state-sponsored hacking campaign, claiming instead that China is a significant target of cyberattacks.

However, Malaysia, Indonesia, and Vietnam were the top three countries targeted in the cyber assaults tracked by Insikt Group. Myanmar, the Philippines, Laos, Thailand, Singapore and Cambodia were also targeted by the hackers, according to the report. The Associated Press reported that the findings were notified to all countries in October this year, though it is believed that at least some of the activity is still happening.

The company said: “Throughout 2021, Insikt Group tracked a persistent cyber-espionage campaign targeting the prime minister’s offices, military entities, and government departments of rival South China Sea claimants Vietnam, Malaysia, and the Philippines.”

“Additional victims during the same period include organisations in Indonesia and Thailand,” it added.

The firm also noted that it had discovered over 400 unique servers in Southeast Asia connecting with malware, although it was unclear what data had been accessed. As explained by Insikt, since many of the detected instances occurred over a period of months, it is extremely likely that the threat actors retained long-term access to the victim networks and were able to get victim data throughout this time period to support intelligence-gathering activities.

Furthermore, Insikt Group had also identified activities in Cambodia and Laos that it believes is tied to Beijing's Belt and Road Initiative (BRI), which aims to build ports, trains and other infrastructure across Asia, Africa, as well as the Pacific.

As reported, Laos just has recently unveiled a $5.9 billion Chinese-built railway that connects the country to southern China.

In this case, while referring to the BRI, the report highlighted that “historically, many Chinese cyberespionage operations have heavily overlapped with projects and countries strategically important to the BRI”.

However, Teuku Faizasyah, a spokesman for the Indonesian Ministry of Foreign Affairs, said he had no information of firm's latest claims indicating the Ministry had been attacked, while Thailand's army echoed the same and stated that it had no immediate knowledge of any hacks into its servers detected by its cybersecurity team.

Similarly, Phay Siphan, a spokeswoman for the Cambodian government, claimed the country's own authorities had not discovered any hacking of the servers mentioned by Insikt Group. Meanwhile, according to Col. Ramon Zagala, spokesman for the Philippine armed forces, the Philippine military has not reviewed the latest findings but said that “it takes all kinds of potential attacks seriously and has measures in place to protect our vital systems”.