Cyber security firm FireEye’s recent report details persistent cyber espionage in Southeast Asian countries over the past decade. Many of the victims were defense and communication firms and local journalists who reported on regional affairs and Chinese government issues. The report claims these attacks were state sponsored, likely by the Chinese government, a known cyber aggressor.
The attackers showed a key interest in the political, economic, military, and regional issues within the Southeast Asia–Pacific, particularly topics related to the Chinese Communist Party and its territorial disputes. The ongoing territorial disputes between China and India were of particular interest to the hackers. Malaysia, Vietnam, and possibly Brunei and the Philippines—all of whom have ongoing maritime disputes with China in the South China Sea—were subject to attack as well.
These attacks differ in sophistication from those made by everyday hacktivists or cyber criminals. They are drawn-out, target-specific attacks intended to reap information, not quick attacks aimed at financial gain such as the recent Carbanak APT, which impacted up to 100 financial institutions and in which hackers stole upward of $1 billion. The attacks moved data in small amounts to avoid alarming victims, and several types of attacks even attempted to get past the isolation of networks that were physically disconnected from other potentially high-risk networks.
Organizations and governments associated with the Association of Southeast Asian Nations (ASEAN) were constant targets of such attacks. Victims saw an increase in attacks around ASEAN summits and when ASEAN Secretary-General Le Luong Minh of Vietnam took office in 2013.
Six months ago, analytics company Novetta released a similar report that claimed the Axiom cyber threat group was a Chinese intelligence-gathering operation—with the main subjects of attack being a plethora of Eastern and Western government agencies, media organizations, infrastructure firms, and others. Chinese government officials have always disclaimed using cyber tactics for hacking purposes, but they have noted the value of cyber information and the possible utilization of that information—censoring Web sites that question Chinese authority is in the Communist Party’s interests.
FireEye’s report shows attacks as recent as August 2014 and comes on the heels of the newly established Chinese Asian Infrastructure Investment Bank (AIIB), which will be primarily focused on investment in the emerging markets of Southeast Asia. The U.S. has shown skepticism over the bank regarding transparency on the Chinese side while many proclaim it is a diplomatic win for China in the region.
There have been questions over what grand strategy China may have in the Asia–Pacific, whether it be diminishing U.S. influence in the region by “dividing and conquering” the smaller Southeast Asian countries and allies of the U.S. or a Janus-faced style of diplomacy that only denies any allegations of cyber attacks. Regardless, state-sponsored or not, cyber threats from China continue to present problems for the region and U.S. strategic interests.