By DAVID RISING, Associated Press

BANGKOK (AP) – Chinese hackers, presumably state-sponsored, have widely targeted government and private organizations across Southeast Asia, including those closely involved with Beijing in infrastructure development projects, according to a report released Wednesday by a U.S.-based private cybersecurity company.

The specific targets included the office of the Prime Minister of Thailand and the Thai army, the Indonesian and Philippine navies, the National Assembly of Vietnam and the central office of its Communist Party, and the Ministry of Defense of Malaysia, according to the Insikt Group, the threat research division of Massachusetts-based Recorded Future.

Insikt said it has determined that leading military and government organizations in Southeast Asia have been compromised in the past nine months by hackers using custom malware families such as FunnyDream and Chinoxy. These custom tools are not available to the public and are used by several groups that are believed to be sponsored by the Chinese state, the group said.

The targeting also aligns with the political and economic goals of the Chinese government, reinforcing suspicions that it is state sponsored, Insikt said.

“We believe that this activity is very likely to be a state actor, as the long-term targeted intrusions observed in high-value government and political targets are consistent with cyber espionage activity, coupled with identified technical links with activities known state-sponsored companies,” the company told The Associated Press.

China’s Foreign Ministry did not immediately respond to a request for comment on the allegations.

In the past, Chinese authorities have consistently denied any form of state-sponsored hacking, instead claiming that China itself is a major target for cyber attacks.

Among the computer intrusions it tracked, Insikt Group said Malaysia, Indonesia and Vietnam were the top three countries targeted. Myanmar, the Philippines, Laos, Thailand, Singapore and Cambodia were also targeted.

All countries were informed in October of the results, although it is believed that at least part of the activity is ongoing, the company said.

“Throughout 2021, Insikt Group followed a persistent cyber espionage campaign targeting the Prime Minister’s offices, military entities and government departments of rival claimants in the South China Sea, Vietnam, Malaysia and the Philippines,” the company said. “Other victims during the same period include organizations in Indonesia and Thailand.”

Much of that campaign was attributed to a group being tracked under the temporary identifier of Threat Activity Group 16, or TAG-16, Insikt Group said.

“We have also identified evidence suggesting that TAG-16 shares custom abilities with the People’s Liberation Army (China) related activity group RedFoxtrot,” the group said.

Overall, Insikt Group said it had identified more than 400 unique servers in Southeast Asia communicating with malware, but it was not clear what information was compromised.

“Many of the incidents identified lasted for several months, so it is highly likely that the respective threat actors maintained long-term access to victims’ networks and were able to obtain victim data during this period in support of intelligence-gathering efforts,” Insikt told the AP. “At this time, we have no information on the specific data obtained by the threat actors.”

Some information about Indonesia was disclosed in a previous report by the Insikt Group in September, and Indonesian authorities said at the time that they had found no evidence that their computers had been compromised.

Insikt Group said previous activity directed against Indonesia from malware servers operated by the “Mustang Panda” group had gradually come to a halt in mid-August, following a second notification that the company had provided to the country’s authorities.

Indonesian Foreign Ministry spokesman Teuku Faizasyah said he had no information about new findings from Insikt Group that the ministry had also been targeted.

Likewise, the Thai military said it had no immediate information that its cybersecurity team had detected intrusions into its servers.

Col. Ramon Zagala, spokesman for the Philippine Armed Forces, said the military has yet to see Insikt’s report but that it “takes all kinds of potential attacks seriously and has put in place measures to protect our vital systems.”

Insikt Group said it also detected activity in Cambodia and Laos, which is linked to Beijing’s Belt and Road initiative to build ports, railways and other facilities in Asia, Africa and the Pacific.

Poorer countries hailed the initiative, but some complained about owing too much to Chinese banks.

As recently as last week, Laos inaugurated a $5.9 billion Chinese railroad connecting the country with southern China.

“Historically, many Chinese cyber espionage operations have strongly overlapped with strategically important projects and countries for the BRI,” the Insikt Group noted, referring to the Belt and Road initiative.

Cambodian government spokesman Phay Siphan said the country’s own agencies had not detected any server hacks reported by Insikt Group.

Jim Gomez in Manila, Philippines, Edna Tarigan in Jakarta, Indonesia, Busaba Sivasomboon in Bangkok and Sopheng Cheang in Phnom Penh, Cambodia, contributed to this report.

Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.