Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia, including those closely involved with Beijing on infrastructure development projects, a report released on Wednesday by a US-based private cybersecurity company said.
Specific targets included the Thai prime minister’s office and the Thai army, the Indonesian and Philippine navies, Vietnam’s National Assembly and the central office of its Communist Party, and Malaysia’s Ministry of Defense, said Insikt Group, the threat research division of Massachusetts-based Recorded Future.
Insikt said it determined that the high-profile military and government organizations in Southeast Asia had been compromised over the past nine months by hackers using custom malware families such as FunnyDream and Chinoxy.
Those custom tools are not publicly available and are used by multiple groups believed to be sponsored by China, the group said.
The targeting also aligns with the political and economic goals of the Chinese government, bolstering the suspicion it is state-sponsored, Insikt said.
“We believe this activity is highly likely to be a state actor, as the observed long-term targeted intrusions into high-value government and political targets is consistent with cyberespionage activity, coupled with identified technical links to known Chinese state-sponsored activity,” it said.
The Chinese Ministry of Foreign Affairs did not immediately respond to a request for comment on the allegations.
In the past, Chinese authorities have consistently denied any form of state-sponsored hacking, instead saying that China itself is a major target of cyberattacks.
Of the cyberintrusions it tracked, Insikt Group said Malaysia, Indonesia and Vietnam were the top three targeted countries. Also targeted were Myanmar, the Philippines, Laos, Thailand, Singapore and Cambodia.
All countries were notified in October of the findings, although it is thought that at least some of the activity is ongoing, the company said.
“Throughout 2021, Insikt Group tracked a persistent cyberespionage campaign targeting the prime minister’s offices, military entities, and government departments of rival South China Sea claimants Vietnam, Malaysia and the Philippines,” the company said. “Additional victims during the same period include organizations in Indonesia and Thailand.”
Much of that campaign was attributed to a group being tracked under the temporary identifier Threat Activity Group 16, or TAG-16, Insikt Group said.
“We also identified evidence suggesting that TAG-16 shares custom capabilities with the [Chinese] People’s Liberation Army-linked activity group RedFoxtrot,” the group said.
Overall, Insikt Group said it had identified more than 400 unique servers in Southeast Asia communicating with malware, but it was not clear what information had been compromised.
The CIA has a message for Chinese government officials worried about their place in Chinese President Xi Jinping’s (習近平) government: Come work with us. The agency released two Mandarin-language videos on social media on Thursday inviting disgruntled officials to contact the CIA. The recruitment videos posted on YouTube and X racked up more than 5 million views combined in their first day. The outreach comes as CIA Director John Ratcliffe has vowed to boost the agency’s use of intelligence from human sources and its focus on China, which has recently targeted US officials with its own espionage operations. The videos are “aimed at
STEADFAST FRIEND: The bills encourage increased Taiwan-US engagement and address China’s distortion of UN Resolution 2758 to isolate Taiwan internationally The Presidential Office yesterday thanked the US House of Representatives for unanimously passing two Taiwan-related bills highlighting its solid support for Taiwan’s democracy and global participation, and for deepening bilateral relations. One of the bills, the Taiwan Assurance Implementation Act, requires the US Department of State to periodically review its guidelines for engagement with Taiwan, and report to the US Congress on the guidelines and plans to lift self-imposed limitations on US-Taiwan engagement. The other bill is the Taiwan International Solidarity Act, which clarifies that UN Resolution 2758 does not address the issue of the representation of Taiwan or its people in
US Indo-Pacific Commander Admiral Samuel Paparo on Friday expressed concern over the rate at which China is diversifying its military exercises, the Financial Times (FT) reported on Saturday. “The rates of change on the depth and breadth of their exercises is the one non-linear effect that I’ve seen in the last year that wakes me up at night or keeps me up at night,” Paparo was quoted by FT as saying while attending the annual Sedona Forum at the McCain Institute in Arizona. Paparo also expressed concern over the speed with which China was expanding its military. While the US
SHIFT: Taiwan’s better-than-expected first-quarter GDP and signs of weakness in the US have driven global capital back to emerging markets, the central bank head said The central bank yesterday blamed market speculation for the steep rise in the local currency, and urged exporters and financial institutions to stay calm and stop panic sell-offs to avoid hurting their own profitability. The nation’s top monetary policymaker said that it would step in, if necessary, to maintain order and stability in the foreign exchange market. The remarks came as the NT dollar yesterday closed up NT$0.919 to NT$30.145 against the US dollar in Taipei trading, after rising as high as NT$29.59 in intraday trading. The local currency has surged 5.85 percent against the greenback over the past two sessions, central