Chinese Cyberwarfare Heightens Tensions in Southeast Asia

457

Government agencies in the Philippines have been attacked by cyberwarfare operations linked to the Chinese government, Hacker News reported in November 2023. Mustang Panda is the most recent name used by the Advanced Persistent Threat (APT), a moniker given to any organization that is highly skilled and organized with the resources to pull off complex attacks.

Unit 42, an expert in incident response was quoted by the Hacker News as stating Mustang Panda attacks were “aimed at an unnamed Southeast Asian government to distribute a variant of a backdoor called TONESHELL.” The breach was facilitated by a “spear-phishing” campaign, a version of phishing that is targeted at specific persons with a high level of detail and preparations. The attacks focus primarily on theft of proprietary and confidential information, which is sent back to the APT. Mustang Panda has been identified through its “trademark” attack strategies under at least six different names, across several different attacks.

A 2023 report on the evolution of Chinese cyber-attacks on Southeast Asian countries found that in 2015 a “systematic and disciplined shift in targeting patterns occurred across China’s entire cyber operations platform.” These new attacks targeted critical infrastructure and sensitive services in Southeast Asia. The change in targets was also found to coincide with the replacement of key military leaders, such as the head of the Ministry of State Security. 

While noting that “obtaining reliable facts and data is a continuous and significant ongoing challenge,” given the “sensitive and amorphous nature of Chinese state-backed cyber operations,” the report’s conclusion noted “advancements across the full spectrum of cyber operations-relevant technologies in support of China’s revised strategic industrial priorities and plans” and the appearance of “direct PLA [People’s Liberation Army] control… over the most capable cyber-operations units in China.”

Cyber-attacks are reported on with some regularity by US establishment news media; however, only a minute fraction of all cyber-attacks outside of the security community receive coverage. Attacks outside of the United States and other western nations are under-reported, perhaps deliberately. Until recently, Chinese cyber-attacks were often overshadowed, in establishment reporting, by attacks originating from Russia or North Korea. Stories such as the Hacker News report on Mustang Panda are often ignored as a result of their complexity.

Source: “Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions,” Hacker News, November 21, 2023.

Student Researcher: Elliot Jordan (Saint Michael’s College)

Faculty Evaluator: Rob Williams (Saint Michael’s College)

457

Government agencies in the Philippines have been attacked by cyberwarfare operations linked to the Chinese government, Hacker News reported in November 2023. Mustang Panda is the most recent name used by the Advanced Persistent Threat (APT), a moniker given to any organization that is highly skilled and organized with the resources to pull off complex attacks.

Unit 42, an expert in incident response was quoted by the Hacker News as stating Mustang Panda attacks were “aimed at an unnamed Southeast Asian government to distribute a variant of a backdoor called TONESHELL.” The breach was facilitated by a “spear-phishing” campaign, a version of phishing that is targeted at specific persons with a high level of detail and preparations. The attacks focus primarily on theft of proprietary and confidential information, which is sent back to the APT. Mustang Panda has been identified through its “trademark” attack strategies under at least six different names, across several different attacks.

A 2023 report on the evolution of Chinese cyber-attacks on Southeast Asian countries found that in 2015 a “systematic and disciplined shift in targeting patterns occurred across China’s entire cyber operations platform.” These new attacks targeted critical infrastructure and sensitive services in Southeast Asia. The change in targets was also found to coincide with the replacement of key military leaders, such as the head of the Ministry of State Security. 

While noting that “obtaining reliable facts and data is a continuous and significant ongoing challenge,” given the “sensitive and amorphous nature of Chinese state-backed cyber operations,” the report’s conclusion noted “advancements across the full spectrum of cyber operations-relevant technologies in support of China’s revised strategic industrial priorities and plans” and the appearance of “direct PLA [People’s Liberation Army] control… over the most capable cyber-operations units in China.”

Cyber-attacks are reported on with some regularity by US establishment news media; however, only a minute fraction of all cyber-attacks outside of the security community receive coverage. Attacks outside of the United States and other western nations are under-reported, perhaps deliberately. Until recently, Chinese cyber-attacks were often overshadowed, in establishment reporting, by attacks originating from Russia or North Korea. Stories such as the Hacker News report on Mustang Panda are often ignored as a result of their complexity.

Source: “Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions,” Hacker News, November 21, 2023.

Student Researcher: Elliot Jordan (Saint Michael’s College)

Faculty Evaluator: Rob Williams (Saint Michael’s College)