China state-sponsored hackers hack ASEAN mail servers

Last updated on March 9th, 2023 at 02:27 pm

In February of last year, Chinese state-sponsored hackers breached the Association of Southeast Asian Nations (ASEAN) mail systems, taking a trove of data that may have contained crucial information about the economies and politics of member nations.

According to a vulnerability alert acquired by WIRED, hackers took over 30GB of data, including over 10,000 emails exchanged by member countries, by infiltrating computers in February 2022. The alert was sent to cybersecurity agencies and foreign affairs ministries, as well as other government entities, in all ten ASEAN member states, including Thailand, Malaysia, Singapore, and the Philippines.

The incident occurred a few weeks before US Vice President Joe Biden hosted ASEAN leaders at the White House for diplomatic meetings that addressed opposing China’s influence in the region. At the two-day meeting, Biden also offered $150 million to ASEAN nations for infrastructure, security, and pandemic response.

The Chinese threat actors apparently exploited “legitimate credentials” to breach the mail.asean.org and auto.discover.asean.org domains used by ASEAN’s Microsoft Exchange servers. In addition, they exploited four Microsoft Exchange vulnerabilities throughout the hack.

The notice states that this is not the first time Chinese hackers have hacked ASEAN, as the intergovernmental body was targeted in July 2021 and between May and October 2019 as well.

Analysts believe Chinese hackers continue to target ASEAN because the data it possesses is crucial to gauging political and economic sentiments in the region.

China has made substantial investments in the region through the Belt and Road Initiative, a program that creates economic corridors connecting the Asian giant to neighboring nations. Yet, this strategy also increases China’s economic and political influence, causing friction with its neighbors. The territorial disputes in the South China Sea, involving China, the Philippines, Indonesia, and Vietnam, are one example of the geopolitical conflict that may result from the Chinese government’s aggressive securitization approach.

The alert states, “The identified intrusion campaigns almost certainly support key strategic goals of the Chinese government, such as gathering intelligence on countries engaged in territorial disputes in the South China Sea or on projects and countries strategically important to the Belt and Road Initiative.”

In the past two years, Recorded Future, a cybersecurity company, has tracked ten Chinese-affiliated groups that target Southeast Asian nations. Throughout 2021, the company also identified 400 Southeast Asian servers communicating with malware infrastructure that was presumably deployed by Beijing-backed threat actors. Malaysia, Indonesia, and Vietnam were the ASEAN countries most frequently targeted.

Also Read:- Daylight Saving Time 2023: When Does the Time Change?