Insikt Group, the threat research arm of Recorded Future, a US-based private cybersecurity company, reported that Chinese state-sponsored hackers are currently targeting several Southeast Asian countries, specifically those with competing territorial claims or those involved in infrastructure development projects.
The report mentioned the top five most targeted Southeast Asian countries were Malaysia, Indonesia, Vietnam, Myanmar, and the Philippines.
A. Nature of the Vulnerabilities
The identified threat activity group, tracked as Threat Activity Group 16 (TAG-16), uses custom malware families such as the FunnyDream, Chinoxy, and PCShare backdoors.
Among the sampled TAG-16 victims, those identified in the Philippines were the Philippine Navy, the Armed Forces of the Philippines, the Presidential Management Staff, and the Department of Foreign Affairs.
Using Recorded Future's adversary infrastructure detection and Network Traffic Analysis (NTA) techniques, Insikt Group identified, over the past 9 months, more than 400 unique victim servers located in Southeast Asia communicating with malware command and control (C2) infrastructure that likely has links to Chinese state-sponsored actors.
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Proactively monitor the identified systems and devices for any suspicious or malicious activity, and secure them accordingly.
- Check systems and devices for known vulnerabilities and, where applicable, apply the necessary patches and updates to mitigate security threats.
- Deploy anti-virus software and/or a host-based detection tool.
- Maintain good backups of systems so that, if anomalies or issues are encountered, disruption of services is minimized, if not prevented.
- Train and equip employees with cybersecurity knowledge and information to reduce the attack surface.
- For additional information, kindly refer to the official report: https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf
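The report identified victims by observing servers communicating with known C2 infrastructure, and the first recommendation above is to monitor systems for malicious activity. The script below is an added example (not part of the CERT-PH advisory or the Recorded Future report) showing how a defender can check outbound connection logs against an indicator list. The indicator values, the log format, and the sample log lines are constructed placeholders drawn from the RFC 5737 and RFC 2606 reserved ranges; replace them with the indicators published in the official report's appendix.

```python
"""Match outbound connection logs against a C2 indicator (IOC) list.

Added example. All indicators and log lines here are constructed
placeholders (RFC 5737 test networks, RFC 2606 reserved domains), not
indicators from the Recorded Future report.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed indicator list. Replace with the IP, CIDR and domain
# indicators taken from the report appendix; these are placeholders.
IOC_IPS = {"203.0.113.7", "198.51.100.23"}
IOC_NETS = [ipaddress.ip_network("192.0.2.0/24")]
IOC_DOMAINS = {"update.example.invalid", "cdn-sync.example.test"}

# Constructed log format (hypothetical firewall/proxy export):
#   <ts> src=<ip> dst=<ip> dport=<n> [host=<fqdn>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    r"(?: host=(?P<host>\S+))?"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str          # internal host that made the connection
    observed: str     # destination IP or hostname seen in the log
    indicator: str    # IOC entry that matched
    kind: str         # "ip", "net" or "domain"


def domain_matches(host: str, iocs) -> Optional[str]:
    """Return the IOC domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for d in iocs:
        if host == d or host.endswith("." + d):
            return d
    return None


def match_line(line: str) -> Optional[List[Hit]]:
    """Return hits for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, src, dst, host = m["ts"], m["src"], m["dst"], m["host"]
    hits: List[Hit] = []
    if dst in IOC_IPS:
        hits.append(Hit(ts, src, dst, dst, "ip"))
    else:
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            addr = None
        if addr is not None:
            for net in IOC_NETS:
                if addr in net:
                    hits.append(Hit(ts, src, dst, str(net), "net"))
    if host:
        d = domain_matches(host, IOC_DOMAINS)
        if d:
            hits.append(Hit(ts, src, host, d, "domain"))
    return hits


def scan(lines) -> Tuple[List[Hit], int]:
    """Scan log lines; return (hits, number of unparsable lines).

    Unparsable lines are counted rather than dropped silently so a
    format change in the log source does not produce a false 'clean'.
    """
    hits: List[Hit] = []
    unparsed = 0
    for line in lines:
        r = match_line(line)
        if r is None:
            unparsed += 1
        else:
            hits.extend(r)
    return hits, unparsed


def by_source(hits: List[Hit]) -> Dict[str, List[str]]:
    """Group matched indicators by internal source host for triage."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for h in hits:
        grouped[h.src].append(h.indicator)
    return dict(grouped)


# Constructed sample log; the fifth line is deliberately malformed.
SAMPLE_LOG = [
    "2021-12-09T01:02:03Z src=10.0.5.17 dst=203.0.113.7 dport=443",
    "2021-12-09T01:02:10Z src=10.0.5.17 dst=198.51.100.50 dport=443 host=www.example.com",
    "2021-12-09T01:03:44Z src=10.0.8.2 dst=192.0.2.55 dport=8080",
    "2021-12-09T01:04:01Z src=10.0.8.9 dst=198.51.100.60 dport=443 host=api.update.example.invalid",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h.ts} {h.src} -> {h.observed} matched {h.kind} IOC {h.indicator}")
    print(f"{len(found)} hit(s), {bad} unparsable line(s)")
    print(by_source(found))
```

The domain check matches subdomains of an indicator as well as the exact name, since C2 hostnames are often rotated under one registered domain; the CIDR check covers cases where a report lists a whole netblock rather than single addresses. Any hit should be treated as a lead for investigation of the internal source host, not as proof of compromise on its own.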