The Philippines is among the Southeast Asian countries being broadly targeted by Chinese hackers conducting cyberespionage operations that are believed to be state-sponsored, according to a report released by a United States-based private cybersecurity company.
Among the key government agencies in the country identified as victims of such operations are the Armed Forces of the Philippines, the Philippine Navy, the Department of Foreign Affairs and the Presidential Management Staff.
“The identified intrusion campaigns almost certainly support key strategic aims of the Chinese government, such as gathering intelligence on countries engaged in South China Sea territorial disputes or related to projects and countries strategically important to the Belt and Road Initiative (BRI),” the Insikt Group said in a report released on Dec. 8.
Insikt (Swedish for “insight”) is the threat research division of the Massachusetts-based Recorded Future Inc., which specializes in the collection, processing, analysis and dissemination of threat intelligence.
There was no immediate comment from the AFP, but in an earlier Associated Press report, military spokesperson Col. Ramon Zagala said “(the AFP) takes all kinds of potential attacks seriously and has measures in place to protect our vital systems.”
The AFP itself was previously accused of conducting cyberattacks on the news websites of Bulatlat and Altermidya, and on the website of the human rights group Karapatan.
‘Victim servers’
The Insikt report identified “over 400 unique victim servers” located in Southeast Asia and communicating with malware and control infrastructure with suspected links to Chinese state-sponsored actors in the past nine months.
The activity was identified through large-scale automated network traffic analytics and expert analysis of data sources, including the Recorded Future Platform, and other common open-source tools and techniques.
Said to be among the top three targeted countries were Malaysia, Indonesia and Vietnam, which, like the Philippines, are among the claimants of the contested areas in the South China Sea.
Also among the countries suspected to have been cyberattacked are Myanmar, Laos, Thailand, Singapore and Cambodia.
‘Likely to increase’
The affected countries were notified in October of the Insikt findings, the report said.
It added that at least 18 high-profile military and government organizations in the Southeast Asian region were targeted in 2021 using custom malware family groups, such as FunnyDream and Chinoxy, both of which originated from China and were used for information theft and espionage.
“This targeting is almost certainly linked to a range of objectives intended to support a deepening of regional influence, including traditional intelligence gathering against regional rivals and allies, economic intelligence gathering against BRI-linked targets, and the South China Sea disputes,” the report said.
Insikt warned that the cyberattacks on Beijing’s rival South China Sea claimants are “likely to increase in line with geopolitical tensions.”