Chinese hackers’ global activities escalate; Southeast Asia and Japan are hardest hit

Several cybersecurity firms have recently found that Chinese-sponsored hacking activity has been on the rise in recent years, with Southeast Asian governments and Japan-related departments becoming key targets for Chinese cyber intrusions. Experts are concerned that the normalization of telecommuting across the region during the COVID-19 epidemic could increase cybersecurity vulnerabilities.

While monitoring the activities of Advanced Persistent Threat (APT) groups in Asia, cybersecurity firm Bitdefender discovered that a Chinese APT group had carried out sophisticated and targeted espionage attacks on Southeast Asian government departments.

In a report released this week, the company said that the operation had been going on for at least several years, with the earliest signs of an attack dating back to November 2018, followed by an increase in early 2019, when about 200 computer systems showed signs of an attack.

By studying some of the traces left by the network intrusion, the company’s researchers discovered that the attackers were a Chinese-speaking APT group. The “Chinoxy” backdoor program used in the attack is a Trojan horse program known to be used by Chinese hackers.

According to some sources, the FunnyDream backdoor malware used by this group has been previously used to attack government organizations in Malaysia, Taiwan, and Vietnam.

Separately, cybersecurity firm Symantec on Nov. 17 uncovered an APT cyberattack that primarily targeted Japanese organizations. According to the report, the wave of attacks began in mid-October 2019, and the geographic distribution of victims was quite broad, including organizations in China, Taiwan, Hong Kong, Japan, South Korea, the Philippines, Thailand, Vietnam, Singapore, the United States, Mexico, the United Arab Emirates, the United Kingdom, France, Belgium, and Germany, across industries including automotive manufacturing, apparel, electronics, engineering, trading companies, government departments, and industrial supplies.

Symantec has codenamed the group “Cicada”. The scale of the group’s operations means that it can target multiple large organizations in different regions at the same time, which requires significant resources and skills of a kind usually associated with state-supported groups, the report said.

Symantec believes the group is funded by the Chinese government. It has been active in cyber espionage since 2009 and has almost exclusively targeted companies with ties to Japan, the report said.

Symantec said the group exploited a system vulnerability called “Zerologon” that was discovered by NetSec in August of this year. The report said that organizations with ties to Japan need to remain vigilant, especially in the automotive industry. But because of the wide range of industries targeted by the attack, organizations across all sectors in Japan need to be aware of the risks they face from such activities.

Cybersecurity firm CrowdStrike recently released a survey of cybersecurity experts and IT security professionals from multiple countries around the world, and the majority of respondents identified China as the primary source country for state-sponsored cyber attacks.

The survey, called the Global Security Attitude Survey 2020, found that cyber attackers are exploiting cybersecurity vulnerabilities exposed by the increase in telecommuting around the world as a result of the COVID-19 epidemic. Two-thirds of the more than 2,200 cybersecurity professionals surveyed are concerned about a Chinese government-sponsored cyberattack on their department, according to the survey.

Eighty-nine percent of respondents believe that increasing international tensions stemming from international disputes such as the U.S.-China trade war could lead to a significant increase in the number of cyberthreats faced by governments, businesses, and other organizations in different countries.