Chinese cyber threats target PH, other ASEAN nations amid Western military exercises

MANILA, Philippines – Microsoft’s April 2024 Threat Intelligence Report found that “China-based threat actors” are continuing to target entities, mostly from the government and telecommunications sectors from countries in the Association of Southeast Asian Nations (ASEAN), amid tensions in the region and the West Philippine Sea.

Microsoft found that these cyber actors affiliated with China “appeared particularly interested in targets related to the numerous US military drills conducted in the region” including US-PH military exercises.

The firm named several of these cyber groups that it observed from June 2023 to late 2023.

It said that Flax Typhoon targeted entities connected to US-PH military exercises. In late 2023, it saw the group taking aim at new targets in the Philippines, Hong Kong, India, and the United States.

Flax Typhoon has also previously exploited vulnerabilities in Taiwanese public-facing servers with the likely intention of espionage and maintaining access “for as long as possible,” Microsoft said.

“This actor also frequently attacks the telecommunications sector, often leading to many downstream effects,” the firm also said.

Another China-based group, Granite Typhoon, was observed to have “compromised telecommunication entities in the region during this period, with victims in Indonesia, Malaysia, the Philippines, Cambodia, and Taiwan.”

In June 2023, Raspberry Typhoon, also China-based, targeted “military and executive entities in Indonesia and a Malaysian maritime system in the weeks prior to a rare multilateral naval exercise involving Indonesia, China, and the United States.”

Amid the continued aggression of Chinese vessels in Ayungin Shoal, the Philippines and the US are set to continue joint training on islands facing Taiwan and the South China Sea, with an enhanced focus on cyber defense and “information warfare.”

Microsoft also reported that another Chinese group operating called Nylon Typhoon targeted government and IT entities in Europe with the purpose of “intelligence collection.” Nylon Typhoon also operates in South America.

Weaponizing artificial intelligence (AI) for influence operations

Chinese threat actors are also refining their influence operations through AI-generated and AI-enhanced content.

In 2023, an emerging threat group, nicknamed “Storm-1376,” started developing and propagating disinformation leading up to the Taiwanese elections.

One of its propaganda campaigns involved the distribution of a 300-page e-book containing scandalous accusations against Taiwanese President Tsai Ing-wen. According to US magazine Foreign Policy, its text served as a script for AI-generated news anchors to read out in videos circulating on social media.

Before this, Storm-1376 amplified a series of AI-generated memes accusing then-Taiwanese presidential candidate William Lai of embezzlement, as well as a false video of an AI actor “revealing” Lai’s illegitimate children. Lai won Taiwan’s January 2024 election, and will be inaugurated on May 20, 2024.

Below is a visual timeline from the Microsoft report:

According to Microsoft, the campaigns of Storm-1376 have evolved to enhance the image of the Chinese Communist Party (CCP) and mislead audiences through conspiracy theories. Meanwhile, state-sponsored influencers intensify the spread of disinformation by re-sharing identical content.

Microsoft also noted an increase in engagement-bait posts made by possible CCP-run accounts posing as US citizens. 

First, the post introduces a divisive US issue, such as border policies, immigration, or racial tensions. Then it asks, “What’s your reaction?”

Microsoft speculates that this technique is employed to gather insights from key voting demographics in the United States. China’s influence operations may extend to the high-profile elections in India, the US, and South Korea.

“While the impact of such content in swaying audiences remains low, China’s increasing experimentation in augmenting memes, videos, and audio will continue – and may prove effective down the line,” Microsoft warned. – Rappler.com