Bangkok (AP) — Chinese hackers, perhaps state-sponsored, are targeting a wide range of government and private sector organizations throughout Southeast Asia, including organizations closely involved with Beijing on infrastructure development projects, according to a report released Wednesday by a US-based private cyber security company.
Specific targets include the Thai Prime Minister’s Office and the Thai Army, the Indonesian and Philippine navies, the Vietnam Parliament and Communist Party Central Bureau, and the Malaysian Ministry of Defense, according to the Insikt Group, the threat research division of Massachusetts-based Recorded Future.
Insikt said it had determined that prominent Southeast Asian military and governmental organizations have been compromised in the last nine months by hackers using custom malware families such as FunnyDream and Chinoxy. These custom tools have not been publicly released and are being used by several groups that appear to be Chinese state-sponsored, the group said.
According to Insikt, the targeting is in line with the Chinese government’s political and economic goals, raising suspicions that it is sponsored by the state.
“I think this activity is likely to be a state actor, because long-term targeted intrusions into high-value government and political targets are consistent with cyber-espionage, and technical links to China’s known state-sponsored activities have been identified,” the company told The Associated Press.
China’s Foreign Ministry did not immediately respond to requests for comment on the allegations.
So far, Chinese officials have consistently denied all forms of state-sponsored hacking, instead stating that China itself is the primary target of cyberattacks.
The Insikt Group said Malaysia, Indonesia and Vietnam were the top three countries targeted in the tracked cyber intrusions. Also targeted were Myanmar, the Philippines, Laos, Thailand, Singapore and Cambodia.
All of the countries were notified of the findings in October, but at least some of the activity is ongoing, the company said.
“Through 2021, the Insikt Group tracked a sustained cyber-espionage campaign targeting the Prime Minister’s Offices, military organizations, and government departments of Vietnam, Malaysia, and the Philippines, which are rival South China Sea claimants,” the company said. “Additional victims during the same period include Indonesian and Thai organizations.”
Much of that campaign is attributed to a group being tracked under the temporary identifier Threat Activity Group 16, or TAG-16, the Insikt Group said.
“We also identified evidence suggesting that TAG-16 shares custom features with the PLA-linked activity group Red Foxtrot,” the group said.
Overall, the Insikt Group said it identified more than 400 unique servers communicating with malware in Southeast Asia, but it was not clear which information was compromised.
“Many of the incidents identified lasted for months, so it is highly likely that each threat actor was able to maintain long-term access to the victim network and obtain victim data over this period to assist in information gathering efforts,” Insikt told the AP. “At this time, we have no insight into the specific data captured by threat actors.”
Some information about Indonesia was disclosed in a previous report from the Insikt Group in September, and Indonesian officials said at the time that there was no evidence their computers were at risk.
The Insikt Group said the previous activity directed at Indonesia from the Mustang Panda group’s malware servers gradually ceased in mid-August, following a second notice the company provided to national authorities.
Indonesian Foreign Ministry spokesman Teuku Faizasyah said he had no information on the Insikt Group’s new findings that the ministry was also targeted.
Similarly, the Thai army said it had no immediate information that its cybersecurity team had detected an intrusion into its servers.
Colonel Ramon Zagara, a spokesman for the Philippine Army, said the army had not yet seen reports of the incident, but said, “We are taking steps to take all kinds of potential attacks seriously and protect our critical system.”
The Insikt Group said it also detected activity in Cambodia and Laos that it believes is related to Beijing’s Belt and Road Initiative to build ports, railroads and other facilities in Asia, Africa and the Pacific.
Poor countries welcome this initiative, but some complain of being left indebted to Chinese banks.
Just last week, Laos opened a $5.9 billion Chinese-built railroad connecting the country to southern China.
“Historically, many Chinese cyber-espionage activities overlap heavily with projects and countries that are strategically important to BRI,” said the Insikt Group, referring to the Belt and Road Initiative.
Cambodian government spokesman Phay Siphan said the country’s government agencies did not detect the server hacks pointed out by the Insikt Group.
Jim Gomez in Manila, Philippines; Edna Taligan in Jakarta, Indonesia; Busaba Sibasongbon in Bangkok; and Sofen Chan in Phnom Penh, Cambodia, contributed to this report.
Report: Chinese hackers target Southeast Asian countries | WGN Radio 720