As tensions mount in the real world due to the South China Sea conflict and Beijing’s global dominance aspirations, the cyberwar front is also ever-expanding
As tensions surrounding China’s actions in the South China Sea near a tipping point, a new report sheds some light on Beijing’s activities in the invisible battleground of cyber espionage, directed against its neighbors in the contested region.
A new report by Recorded Future’s Insikt Group tracks suspected Chinese state-sponsored cyber espionage operations targeting government and private sector organizations across Southeast Asia. Insikt’s experts highlight one particular group, Threat Activity Group 16 (TAG-16), mentioning that the campaigns associated with it “almost certainly support” key strategic aims of the Chinese government.
“Throughout 2021, Insikt Group tracked a persistent cyber espionage campaign targeting the prime minister’s offices, military entities, and government departments of rival South China Sea claimants Vietnam, Malaysia, and the Philippines,” says the report, adding that the researchers have also identified “evidence suggesting that TAG-16 shares custom capabilities with the PLA-linked activity group RedFoxtrot.”
The report also mentions two other groups, which launched intrusion campaigns against targets in Laos and Cambodia. Insikt says it is likely that these two groups are linked to China’s wider strategic objectives under its Belt and Road Initiative.
In May 2021, for example, Insikt identified “a cluster of ShadowPad, Cobalt Strike, and Trochilus infrastructure used in suspected Chinese state-sponsored network intrusion activity targeting telecommunications, government, and state-owned organizations within Laos.” A few months later, in September, the researchers linked a cyberattack on a Cambodian port facility with another suspected Chinese state-sponsored group.