Chinese Hackers Targeting ASEAN Nations: U.S. Cybersecurity Firm
- By The Financial District

- Dec 10, 2021
- 2 min read
Chinese hackers, likely state-sponsored, have been targeting government and private organizations across Southeast Asia, including those closely involved with Beijing on infrastructure projects, a report released Wednesday by a US-based private cybersecurity company alleged.

Photo Insert: The persistent cyber-espionage campaign is said to be targeting the prime minister’s offices, military entities, and government departments of rival South China Sea claimants Vietnam, Malaysia, and the Philippines
Specific targets included the Thai prime minister’s office and the Thai army, the Indonesian and Philippine navies, Vietnam’s national assembly and the central office of its Communist Party, and Malaysia’s Ministry of Defense, according to the Insikt Group, the threat research division of Massachusetts-based Recorded Future, David Rising reported for the Associated Press (AP).
Insikt said it determined that the high-profile military and government organizations in Southeast Asia had been compromised over the last nine months by hackers using custom malware families such as FunnyDream and Chinoxy.
Those custom tools are not publicly available and are used by groups believed to be backed by Beijing. The targeting also aligns with the political and economic goals of the Chinese government, bolstering the suspicion it is state-sponsored, Insikt said.
Despite uncontroverted evidence, China routinely denies its role in hacking the information systems of Southeast Asian nations that oppose Beijing’s claims on islets, reefs, and atolls in the South China Sea.
“Throughout 2021, Insikt Group tracked a persistent cyber-espionage campaign targeting the prime minister’s offices, military entities, and government departments of rival South China Sea claimants Vietnam, Malaysia, and the Philippines,” the company said.
“Additional victims during the same period include organizations in Indonesia and Thailand.” Much of that campaign was attributed to a group being tracked under the temporary identifier of Threat Activity Group 16, or TAG-16, Insikt Group said.
“We also identified evidence suggesting that TAG-16 shares custom capabilities with the (China's) People's Liberation Army-linked activity group RedFoxtrot," the group said.
![TFD [LOGO] (10).png](https://static.wixstatic.com/media/bea252_c1775b2fb69c4411abe5f0d27e15b130~mv2.png/v1/crop/x_150,y_143,w_1221,h_1193/fill/w_179,h_176,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/TFD%20%5BLOGO%5D%20(10).png)











