TFIGlobal

China Data Leak Reveals Cyber-Spying Surge in Southeast Asia

by Tripti Garg
March 1, 2024
in Geopolitics
More than 500 files from Shanghai-based security contractor I-Soon were anonymously posted online (Nikkei montage/Source photos by AP and Reuters)

A document leak has exposed that hackers affiliated with a Chinese state-linked security contractor targeted government agencies in Southeast Asia over an extended period. The affected countries include Thailand, Vietnam, Malaysia, Indonesia, Myanmar, and Cambodia. 

This revelation sheds light on a previously undisclosed aspect of cyberespionage in regions where China maintains significant political and economic relationships. The breached systems include both state entities and private companies. Analysts assert that these cyberattacks align with a consistent trend of Chinese actors engaging in cyberespionage against smaller, more susceptible neighboring nations. The objective appears to involve monitoring sensitive issues and acquiring information related to Western technology companies operating in the region. 

“China is a great power and has deep interests in Southeast Asia,” said Gatra Priyandita, a Southeast Asia expert at the Australian Strategic Policy Institute’s (ASPI) International Cyber Policy Centre. “They want to know what’s going on, and cyber tools help in supporting their efforts to win over officials. There’s also an interest in sensitive information and intellectual property.”

In mid-February, over 500 files originating from the Shanghai-based security contractor I-Soon, also known as Anxun, surfaced online. This unusual release garnered attention from media and cybersecurity experts, who promptly authenticated the files. Chinese law enforcement announced an investigation into the circumstances surrounding the data leak.

Among the disclosed documents was a spreadsheet detailing approximately 80 targets infiltrated by I-Soon, with nearly one-third situated in Southeast Asia. Notably, the list featured eight Thai government agencies, such as the National Intelligence Agency and the Ministry of Interior, along with two state-owned telecom companies and the largest mobile operator in the country, all identified as hacking targets between 2020 and 2022.

The leaked documents also highlighted the presence of Malaysian agencies, government targets in Vietnam, Indonesia, Cambodia, and Myanmar, as well as a telecommunications operator in the Philippines. Despite the significance of these revelations, officials from Thailand, Malaysia, Indonesia, and Vietnam have yet to respond to requests for comments on the matter.

The cyberattacks conducted by I-Soon exhibited variations in timing and scale. Some instances were elucidated through notes detailing the extent of access achieved by I-Soon, including specifics like “hundreds of machines in the domain” and “office network” for Cambodia’s Financial Management Information System site. This site, a World Bank-backed initiative, functions as Cambodia’s central budget and finance apparatus.

Meas Soksensan, spokesperson for the Ministry of Economy and Finance, conveyed that he had not been informed about the I-Soon hacks. Subsequently, he emphasized the robustness and security of the established security system, asserting that no issues had been encountered.

Experts interviewed highlighted the ambiguity surrounding the dates in the spreadsheet, making it unclear whether they signified the commencement or conclusion of the hacking activities. Additionally, experts suggested the possibility of some ongoing operations. Palo Alto Networks, a U.S.-based cybersecurity company, has documented connections between I-Soon’s tactics and previous Chinese-state-affiliated advanced persistent threat (APT) campaigns, known for their capacity to operate covertly over extended durations.

The I-Soon office, also known as Anxun, in Chengdu. © AP

The spreadsheet, while not disclosing specific clients, revealed I-Soon’s contractual engagements with various Chinese government entities, including the nation’s principal police agency. Documents also indicated the targeting of networks in Hong Kong and self-governing Taiwan, claimed by China as its territory, alongside actions against overseas Chinese dissidents.

Since the mid-2000s, Southeast Asia has confronted Chinese cyberespionage. Recent research documents successful schemes directed at regional ministries, exemplified by the theft of numerous emails from the Association of Southeast Asian Nations (ASEAN). These activities employed tactics like “backdoor” malware within software updates and email phishing designed to deceive users into revealing confidential information.

Notably, these cyberattacks often coincided with geopolitical events of concern to China, such as ASEAN meetings or tensions in the South China Sea, where overlapping territorial claims exist between Beijing and its neighboring nations.

Abdul Rahman Yaacob, a research fellow at the Lowy Institute’s Southeast Asia Program, highlighted the particular interest I-Soon showed in foreign affairs ministries, notably in Thailand, Indonesia, and Vietnam, along with an emphasis on defense ministries.

“The main point of doing these attacks, especially in these specific government departments or ministries, is to understand and get data on their strategic assessments, their military developments, and their security,” he said.

Beyond government entities, hacking extends to private sectors. A 2022 report from the Australian Strategic Policy Institute (ASPI) reveals that, by 2020, private entities in Southeast Asia, such as universities and companies, constituted 15.4% of global advanced persistent threat (APT) targeting, a notable increase from the 3.6% reported in 2014.

The heightened focus on private entities in the region may be attributed to the interest of Chinese hackers in infiltrating Western technology giants. Priyandita, associated with ASPI, suggests that these hackers encounter challenges in directly breaching such prominent targets.

“Because it’s hard to get to Microsoft, they may target a company in Thailand that’s doing business with Microsoft,” Priyandita said. “They may get access to potential information that will find vulnerabilities within the supply chain for Microsoft, and get to the IP (intellectual property) that way.”

Acknowledging security breaches poses a challenge for Southeast Asian governments and companies, with a tendency to underreport or even deny such incidents, as analysts point to the intricate technical and legal complexities associated with identifying and attributing these breaches to Chinese state actors.

Even in cyber-mature nations like Singapore, the relentless pace, extensive scale, and frequent occurrences of these cyberattacks present formidable challenges. Elina Noor, a senior fellow at the Carnegie Endowment for International Peace’s Asia Program, emphasizes the overwhelming nature of these attacks and notes a lack of political will to publicly identify and call out the perpetrators, even when identified.

However, recognizing the escalating threat landscape, ASEAN has taken steps to elevate cybersecurity as a priority. In 2018, it emerged as the sole regional association to adopt the United Nations’ 11 norms of state behavior in cyberspace. Recently, the establishment of a center for cooperation among ASEAN defense establishments against cyberattacks further underscores the collective efforts to address the growing challenges in the region.

“There will be more attacks, by state or non-state actors, to find the weak points and extract data from ASEAN countries,” said Lowy Institute’s Yaacob. “The main issue now is whether ASEAN can effectively develop their capabilities to protect their digital economies and strategic interests.”

Tags: ASEAN, China, Cybercrime, Southeast Asia