Monday, June 17, 2024
Chinese hackers are infiltrating military and government entities in the South China Sea!

A recent report reveals that over the past few years, at least eight government and military entities in the South China Sea region have fallen victim to cyberattacks allegedly orchestrated by a group aligned with Chinese interests. Researchers from Bitdefender found that hackers repeatedly accessed systems used by these governments, though the report does not specify the affected countries or whether they were previously aware of the breaches.

The perpetrators, identified as a previously unknown threat actor named Unfading Sea Haze, seem to have motives aligned with espionage, with their targets suggesting connections to Chinese interests. The South China Sea, known for territorial disputes involving China, Vietnam, the Philippines, Malaysia, Indonesia, and Taiwan, serves as a backdrop for these cyber activities.

The choice of targets implies a link to Beijing, and other indicators, such as the use of various Gh0st RAT variants favored by Chinese actors, reinforce this connection. Initial access to systems was gained through spear-phishing emails, some as recent as May 2023, which contained malicious attachments that installed backdoors for continued access.

Once inside, the hackers utilized multiple tools to expand their reach within networks, often commandeering administrator accounts for deeper access. They also deployed various malware types to avoid detection and harvest sensitive data like passwords.

A report by Mandiant, a cybersecurity firm owned by Google, highlights China’s use of stolen and leased proxies worldwide, including home office routers, as part of hacking campaigns such as Volt Typhoon, which targets critical infrastructure used by the U.S. military.

The post is based on the content of an article in “The Record”.


