Chinese hackers have targeted Malaysia and other Southeast Asian countries

According to a US-based cybersecurity firm, Chinese hackers targeted military and civilian organisations in various Southeast Asian countries this year, particularly those with similar territorial claims or vital infrastructure projects, implying official involvement.

Malaysia, Indonesia, and Vietnam were the top three nations attacked in the last nine months, according to new analysis released late Wednesday by the Insikt Group, the threat research arm of Massachusetts-based Recorded Future.

According to the report, the hackers targeted numerous other countries, including the Philippines, Laos, Cambodia, and Thailand.

Insikt Group said in its report that "the identified intrusion campaigns almost certainly support key strategic aims of the Chinese government, such as gathering intelligence on countries engaged in South China Sea territorial disputes or related to projects and countries strategically important to the Belt and Road Initiative (BRI),"

The hackers targeted the offices of the Thai and Malaysian prime ministers, as well as their foreign affairs departments and militaries, according to the report.

Insikt said it discovered over 400 unique servers in Southeast Asia talking with infected networks, all of which were likely linked to Chinese state-sponsored actors, but it had no knowledge of the precise material acquired.

Much of the activity was ascribed to a Chinese state-sponsored outfit known as Threat Activity Group 16.

TAG-16 appears to share custom capabilities with the People's Liberation Army-linked activity group RedFoxtrot, according to the report.
In October, Insikt stated it alerted all of the countries involved.

The results of Insikt were dismissed by China.

"We oppose the dissemination of disinformation for political reasons in order to mislead the world community and foment conflict among regional nations," said Wang Wenbin, a spokeswoman for China's foreign ministry, at a routine news briefing in Beijing yesterday.

China has previously disregarded Recorded Future's claims, such as findings in September that Chinese state-sponsored hackers penetrated and presumably stole data from an Indian government organisation in charge of a national identification database.

Insikt reported in May that it had discovered probable Chinese state-sponsored network intrusion activities aimed at Laos' "telecommunications, government, and state-owned enterprises."
Targets included the Lao National Committee for Special Economic Zones and the National Enterprise Database, according to the report.
Laos opened a roughly $6 billion Chinese-built railway connecting the country to southern China earlier this month.

The Cambodian foreign ministry, as well as the country's only international and commercial deep sea port, Sihanoukville Autonomous Port, were targeted in September, according to the cybersecurity organisation.