Chinese state-sponsored hackers break into mail servers used by ASEAN members – report

Kyle Chua
Wired reports the February 2022 theft of over 30GB of data consisting of more than 10,000 emails sent by member countries

MANILA, Philippines – Chinese state-sponsored hackers managed to breach the mail servers operated by the Association of Southeast Asian Nations (ASEAN) in February last year, stealing a trove of data that may have contained strategic information about the economy and politics of member countries. 

According to a cybersecurity alert obtained by WIRED, the hackers stole over 30GB of data, consisting of more than 10,000 emails sent by member countries, breaking into servers in February 2022. The alert was sent to cybersecurity agencies and foreign affairs ministries, among other governmental organizations in all 10 of the ASEAN member countries, such as Thailand, Malaysia, Singapore and the Philippines. 

The cyberattack came a few weeks ahead of US President Joe Biden hosting ASEAN leaders at the White House for diplomatic discussions, the agenda of which included countering the influence of China in the region. Biden in the two-day summit also pledged $150 million for ASEAN countries to spend on their infrastructure, security, and pandemic response. 

The Chinese threat actors reportedly leveraged “valid credentials” to compromise ASEAN’s Microsoft Exchange servers, which used and domains. They also abused four Microsoft Exchange vulnerabilities as part of the cyberattack. 

The alert notes this isn’t the first time Chinese hackers compromised ASEAN, with the intergovernmental organization previously being targeted in July 2021 and between May and October 2019. 

Experts believe ASEAN is continuously being targeted by Chinese hackers because the data it holds is key to understanding political and economic feelings in the region. 

China has invested heavily in the region through the Belt and Road Initiative, a plan that develops trade routes connecting the Asian superpower with other countries in the world. That initiative, however, also grows China’s economic and political sway, resulting in some friction with its neighbors. The territorial disputes in the South China Sea involving China, the Philippines, Indonesia and Vietnam, among others, are one example of the kind of geopolitical friction that may arise from the Chinese government’s forceful securitization strategy. 

“The identified intrusion campaigns almost certainly support key strategic aims of the Chinese government, such as gathering intelligence on countries engaged in South China Sea territorial disputes or related to projects and countries strategically important to the Belt and Road Initiative,” the alert reads. 

Recorded Future, a cybersecurity firm, has tracked 10 Chinese-linked groups targeting Southeast Asian countries in the past two years. The firm throughout 2021 also detected 400 servers in Southeast Asia that were communicating with malware infrastructure likely deployed by Beijing-backed threat actors. Among the ASEAN countries targeted the most were Malaysia, Indonesia, and Vietnam.
