March 27, 2024
Two Chinese hacking groups have been exposed for mounting cyber attacks against ASEAN targets, as Britain and the US launch sanctions against Beijing-backed hackers for widespread cyber-spying in both countries.
Leading cybersecurity company Palo Alto Networks said the Chinese-based “advanced persistent threat” groups were behind multiple attacks on ASEAN-linked entities, including during this month’s ASEAN-Australia Special Summit in Melbourne.
Foreign Minister Penny Wong, who had “frank” talks with Chinese counterpart Wang Yi last week, condemned Beijing’s ongoing campaign of state-sponsored hacking.
“The persistent targeting of democratic institutions and processes has implications for democratic and open societies like Australia. This behaviour is unacceptable and must stop,” Senator Wong said in a statement with Cybersecurity Minister Clare O’Neil.
In the most recently disclosed attacks, a Chinese APT group, known a Stately Taurus used two malware packages to target entities in The Philippines, Singapore, Myanmar and Japan during the March 4-6 ASEAN-Australia summit, Palo Alto Networks said.
It said a second Chinese hacking group “compromised an ASEAN-affiliated entity” after earlier targeting government agencies in Singapore, Cambodia and Laos. “ASEAN-affiliated entities are attractive targets for espionage operations due to their role in handling sensitive information regarding diplomatic relations and economic decisions in the region,” the company said.
On Tuesday AEDT, British and US officials sanctioned members of Advanced Persistent Threat 31, branding it an arm of China’s Ministry of State Security.
The group’s targets in Britain included politicians critical of China and the country’s electoral watchdog, sparking a push by the Sunak government to declare China a threat to national security.
US authorities said APT31 had targeted White House staffers, US senators, defence contractors, dissidents and US companies.
The British and US governments sanctioned Zhao Guangzong, 38, and Ni Gaobin, 38, for alleged membership of APT31.
Sanctions were also slapped on Chinese firm Wuhan Xiaoruizhi Science and Technology, which was said to be a front for the hacking organisation.
“Today’s announcement exposes China’s continuous and brash efforts to undermine our nation’s cybersecurity and target Americans and our innovation,” FBI director Christopher Wray said in a statement.
Britain’s Deputy Prime Minister, Oliver Dowden, said: “The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values.”
Opposition cybersecurity spokesman James Paterson said Australia should match the British and US sanctions using its Magnitsky-style sanctions regime “so there are real costs and consequences for their behaviour”.
New Zealand’s signals intelligence agency revealed on Tuesday that Chinese hacking group APT40 was behind a 2021 cyberattack on the country’s parliament. “We are calling out where we see malicious cyber-activity from any state that attacks our democratic institutions,” New Zealand Prime Minister Christopher Luxon said.
Mike Bareja, the deputy director for cyber technology and security at the Australian Strategic Policy Institute, said Southeast Asian nations were prime targets for Chinese hackers seeking to support Beijing’s influence operations in the strategically critical region.
Cyber Security Co-operative Research Centre chief executive Rachael Falk said cyber attacks on key public institutions in the West were used to undermine public trust and “blur the divide between what is true and what is false”.
“Cyber-enabled interferences in democratic processes are the new weapons of mass distraction.”
