{"id":214489,"date":"2021-12-17T12:50:21","date_gmt":"2021-12-17T04:50:21","guid":{"rendered":"https:\/\/techwireasia.com\/?p=214489"},"modified":"2021-12-20T12:09:24","modified_gmt":"2021-12-20T04:09:24","slug":"state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report","status":"publish","type":"post","link":"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/","title":{"rendered":"State-sponsored Chinese hackers target Southeast Asian govts, militaries: report"},"content":{"rendered":"

Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.

These include those closely involved with Beijing on infrastructure development projects, according to a report released this Wednesday by Insikt Group.

The group, part of private Massachusetts-based cybersecurity firm Recorded Future, tracked Chinese state-sponsored cyber-espionage operations targeting government and private sector organizations across Southeast Asia this year.

<h3>Hackers ‘likely linked’ to Chinese state government<\/h3>

According to Insikt, the identified intrusion campaigns “almost certainly support key strategic aims of the Chinese government”.

These include gathering intelligence on countries engaged in territorial disputes related to the South China Sea or related to projects and countries strategically important to the Belt and Road Initiative (BRI).

The report highlighted ‘Threat Activity Group 16’ (TAG-16), which has compromised several high-profile military and government organizations across Southeast Asia throughout 2021.

These attacks, claims the group, have utilized custom malware families such as FunnyDream and Chinoxy. Many of the governments targeted by TAG-16 are engaged in ongoing disputes with China over territorial claims in the South China Sea.

Suspected Chinese state-sponsored intrusions targeting Southeast Asia by country in the past 9 months. The number of victim organizations is likely smaller than the number of victim IPs listed due to IP reassignment and other technical considerations. (IMG\/Recorded Future)

Using Recorded Future adversary infrastructure detection and Network Traffic Analysis (NTA) techniques, in the past 9 months, Insikt Group identified over 400 unique victim servers located in Southeast Asia.

The top 3 targeted countries within their data set were Malaysia, Indonesia, and Vietnam, with known groups active in the region including RedDelta, Naikon, and Goblin Panda, as well as temporary clusters grouped as TAG-16 and TAG-22.

The group had, in April 2021, reported that multiple government organizations across Vietnam, Malaysia, Indonesia, Thailand, and the Philippines were communicating with TAG-16 C2 infrastructure, with likely links to Chinese state-sponsored actors.

<h3>Not the first instance of attacks<\/h3>

In November 2020, Bitdefender reported on a TAG-16 campaign targeting Southeast Asian government institutions using the Chinoxy, FunnyDream, and PCShare backdoors.

While the group behind this activity was unnamed, Kaspersky and PWC have also briefly referenced this FunnyDream campaign, with PWC tracking the group as Red Hariasa.

Notably, Insikt Group identified the compromise of navies, prime minister’s offices, ministries of defense, and ministries of foreign affairs across several countries with a presence in the South China Sea.

Sample of identified TAG-16 victims (IMG\/Recorded Future)

The targeting of Cambodia’s Sihanoukville Autonomous Port (PAS) and Laos’s National Committee for SEZs (special economic zones) is likely linked to China’s wider strategic objectives under the BRI.

PAS has high strategic significance given its location along the Maritime Silk Road route, while the Lao government has promoted the development of SEZs as an entry point for private sector development, including domestic and foreign direct investment (FDI).

“We believe this activity is highly likely to be a state actor as the observed long-term targeted intrusions into high-value government and political targets is consistent with cyber-espionage activity, coupled with identified technical links to known Chinese state-sponsored activity,” the company told The Associated Press.

In the past, Chinese authorities have consistently denied any form of state-sponsored hacking, instead saying China itself is a major target of cyberattacks.

All countries affected were notified of these findings in October, although the firm said that some of these activities are still ongoing, reported Nikkei Asia.

Additionally, it was reported that Chinese hackers have also exploited the latest Log4j (or Log4Shell) vulnerabilities.","protected":false},"excerpt":{"rendered":"

Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia. These include those closely involved with Beijing on infrastructure development projects, according to a report released this Wednesday by Insikt Group. The group, part of private Massachusetts-based cybersecurity firm Recorded Future, tracked Chinese state-sponsored cyber-espionage operations targeting government and private…","protected":false},"author":631,"featured_media":214498,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[10486,24,10488,7,2804,2372],"tags":[2513,10504,2949,2701],"yoast_head":"\nState-sponsored Chinese hackers target SEA govts - Tech Wire Asia<\/title>\n<meta name=\"description\" content=\"Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"State-sponsored Chinese hackers target SEA govts - Tech Wire Asia\" \/>\n<meta property=\"og:description\" content=\"Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tech Wire Asia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techwireasia\" \/>\n<meta 
property=\"article:published_time\" content=\"2021-12-17T04:50:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-20T04:09:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techwireasia.com\/wp-content\/uploads\/2021\/12\/shutterstock_506070154.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"668\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TechieKitteh\" \/>\n<meta name=\"twitter:site\" content=\"@techwireasia\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/techwireasia.com\/#website\",\"url\":\"https:\/\/techwireasia.com\/\",\"name\":\"Tech Wire Asia\",\"description\":\"Where technology and business intersect\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/techwireasia.com\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/cdn.techwireasia.com\/wp-content\/uploads\/2021\/12\/shutterstock_506070154.jpg\",\"contentUrl\":\"https:\/\/cdn.techwireasia.com\/wp-content\/uploads\/2021\/12\/shutterstock_506070154.jpg\",\"width\":1000,\"height\":668,\"caption\":\"Chinese hackers suspected of being state-sponsored are theorized to have launched these attacks on SEA countries disputing parts of the South China Sea 
(IMG\/Shutterstock)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/#webpage\",\"url\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/\",\"name\":\"State-sponsored Chinese hackers target SEA govts - Tech Wire Asia\",\"isPartOf\":{\"@id\":\"https:\/\/techwireasia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/#primaryimage\"},\"datePublished\":\"2021-12-17T04:50:21+00:00\",\"dateModified\":\"2021-12-20T04:09:24+00:00\",\"author\":{\"@id\":\"https:\/\/techwireasia.com\/#\/schema\/person\/d8e97bea45593c4c9b0c7c6066bd7e31\"},\"description\":\"Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.\",\"breadcrumb\":{\"@id\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/techwireasia.com\/2021\/12\/state-sponsored-chinese-hackers-targeted-sea-govts-militaries-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/techwireasia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"China cyberattacks\",\"item\":\"https:\/\/techwireasia.com\/tag\/china-cyberattacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"State-sponsored Chinese hackers target Southeast Asian govts, militaries: report\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/techwireasia.com\/#\/schema\/person\/d8e97bea45593c4c9b0c7c6066bd7e31\",\"name\":\"Jamilah 
Lim\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/techwireasia.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9b60e008809cafe7ef692e8969ffbbba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9b60e008809cafe7ef692e8969ffbbba?s=96&d=mm&r=g\",\"caption\":\"Jamilah Lim\"},\"description\":\"Jam (she\/they) is the editor of Tech Wire Asia. They are a humanist and feminist with a love for science and technology. They are also cognizant of the intersectionality of the above with ethics, morality, and its economic\/social impact on people, especially marginalized\/underdeveloped communities.\",\"sameAs\":[\"jamilahlim\",\"https:\/\/twitter.com\/TechieKitteh\"],\"url\":\"https:\/\/techwireasia.com\/author\/jamilah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","meta-shares":{"featured1":["yes"],"featured2":["no"],"featured3":["yes"],"featured4":["yes"],"featured5":["no"],"classic-editor-remember":["classic-editor"],"_edit_lock":["1640248519:638"],"_edit_last":["631"],"dfiFeatured":["a:1:{i:0;s:0:\"\";}"],"_yoast_wpseo_focuskw":["chinese hackers"],"_yoast_wpseo_linkdex":["78"],"_yoast_wpseo_content_score":["30"],"_yoast_wpseo_estimated-reading-time-minutes":["3"],"primary-tag-meta-box":["2701"],"story-series-meta-box":[""],"story-series-featured":["no"],"twitter-post-meta-box":["This is not the first instance of attacks on SEA government and militaries.\r\n\r\n#cyberespionage #cyberattacks #cybersecurity #China"],"twittertwo-post-meta-box":[""],"twitterthree-post-meta-box":[""],"facebookone-post-meta-box":[""],"facebooktwo-post-meta-box":[""],"video-post-meta-box":[""],"writer-meta-box-dropdown":["Jamilah"],"_thumbnail_id":["214498"],"_yoast_wpseo_primary_category":["2372"],"_yoast_wpseo_title":["State-sponsored Chinese hackers target SEA govts %%sep%% %%sitename%%"],"_yoast_wpseo_metadesc":["Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector 
organizations across Southeast Asia."],"bs_social_share_facebook":["0"],"bs_social_share_twitter":["0"],"bs_social_share_linkedin":["0"],"bs_social_share_reddit":["0"],"bs_social_share_interval":["1641551555"],"meta-shares":["38"],"meta-readers":["149"]},"_links":{"self":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/214489"}],"collection":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/users\/631"}],"replies":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/comments?post=214489"}],"version-history":[{"count":9,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/214489\/revisions"}],"predecessor-version":[{"id":214507,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/214489\/revisions\/214507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/media\/214498"}],"wp:attachment":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/media?parent=214489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/categories?post=214489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/tags?post=214489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}