In early 2024, several member states of the Association of Southeast Asian Nations (ASEAN) were targeted in cyberattacks linked to China-backed threat actors. These incidents encompassed espionage campaigns directed at government agencies and cyberattacks on vital infrastructure, orchestrated by Chinese entities.
While both cyber espionage campaigns and cyberattacks on critical infrastructure pose significant threats to national security, state sovereignty, and public safety, their objectives and potential impacts differ. Cyber espionage campaigns primarily target government entities or corporations with the goal of intelligence gathering, reconnaissance, and surveillance. In contrast, cyberattacks on critical infrastructure are designed to disrupt or disable essential services and systems, such as drinking water supplies, transportation networks, and communication systems. Such attacks can lead to immediate and widespread chaos, significantly endangering public safety.
Chinese espionage campaigns in Southeast Asia
In January, Vietnam publicly named a number of Chinese advanced persistent threat (APT) groups as sources of cyber espionage, highlighting the increasing concerns over cybersecurity in the region. APTs are sophisticated threat actors often backed by nation-states or state-sponsored entities. The specific China-backed groups identified by Vietnam include APT31, APT41, Grayling, Mustang Panda, and SharpPanda. Vietnam observed a significant surge in espionage-related cyberattacks, with a 55% increase in 2023 compared to the prior year. These attacks targeted more than 280,000 computers across various government agencies, which is indicative of the scale and intensity of China’s cyber espionage efforts.
In February, the Philippine government convened an emergency briefing to address a series of cyberattacks targeting its government agencies, which were allegedly perpetrated by Chinese hackers. Among the affected entities were the office of the Philippine Cabinet Secretary, the Department of Justice, the National Coast Watch System, the Philippine Coast Guard, the Department of Information and Communications Technology, and the personal website of President Ferdinand Marcos Jr. Philippine officials were able to trace several Internet Protocol (IP) addresses back to China, implicating Chinese hackers in the attacks.
Furthermore, evidence of Chinese espionage campaigns has been detected in other ASEAN countries, notably Malaysia and Myanmar. Reports also indicate that Laos, Thailand, Indonesia, and Cambodia have been targets of cyber operations attributed to China.
Cyberattacks on critical infrastructure in Asia
Recent findings from Unit 42, the threat intelligence division of cybersecurity firm Palo Alto Networks, suggest that Chinese hackers infiltrated more than 20 Cambodian government agencies, including sectors of critical infrastructure such as telecommunications. In a separate investigation conducted in 2023, the Threat Hunter Team at Symantec disclosed that a threat actor group known as Redfly compromised the national power grid of an unspecified Asian country. Redfly used ShadowPad, a malware family frequently linked to China-supported cyber espionage groups. While the affected nation was not identified, the incident is a significant warning to ASEAN member states about the vulnerability of their critical infrastructure. Symantec has warned that Redfly appears to focus exclusively on organizations associated with critical infrastructure.
Initiating protocols for defensive measures
In light of the potential chaos that espionage campaigns and cyberattacks on critical infrastructure can unleash, developing defensive strategies to prevent further disruptions to public safety is essential. For instance, Singapore is conducting Exercise SG Ready from February 15 to February 29, the first time the exercise has been held. This nationwide initiative is designed to improve the preparedness of Singaporean citizens for crises and cyber disruptions. It includes simulations of various threats such as disinformation campaigns, drone attacks, and cyberattacks aimed at vital sectors, including power, water, food distribution, and digital networks.
While the outcomes of Exercise SG Ready are yet to be determined, as it is still in progress, the initiative is a significant proactive measure that merits close attention. In the face of a continuously evolving landscape of cyber threats, participation in exercises like SG Ready can help nations maintain a posture of proactive vigilance.
In conclusion, it is imperative for ASEAN member states to prioritize the enhancement of their defensive cyber capabilities to safeguard their critical infrastructure and national security. By promoting public awareness and enhancing regional collaboration, ASEAN can establish a more robust security infrastructure to better ensure the safety and security of its citizens.