Chinese government-linked hackers stole thousands of megabytes of data last year from ASEAN and member-states that may have contained strategic information on the South China Sea and talks with Washington, a cybersecurity firm and analysts said Thursday.
Confirming the theft reported this week by Wired magazine, cybersecurity firm Digital Forensic Indonesia said these hackers stole 30,000 megabytes of data, including email correspondence, from the ASEAN Secretariat and contacts in member states in 2022.
“The servers used by the ASEAN secretariat had many security gaps, so hackers managed to access it remotely and steal the data,” firm chief executive Ruby Alamsyah told BenarNews.
The Microsoft Exchange email server stored emails from Association of Southeast Asian Nations (ASEAN) officials and contacts in each member country, Ruby said.
The ASEAN Secretariat has not released information on the specific impact of the cyberattacks.
Ruby said similar attacks on the ASEAN secretariat occurred several times since 2019 and called the hackers “state actors.”
ASEAN servers were not sufficiently secured, Ruby said, as he urged the regional bloc to work together to strengthen cyber defenses.
American magazine Wired, citing a cybersecurity alert, reported this week that Chinese-linked hackers were able to break into mail servers operated by ASEAN in February 2022 and steal a trove of data.
The attack came ahead of a summit between the United States and ASEAN in Phnom Penh and occurred at a time when ASEAN countries were trying to balance their relationships with China and the United States.
Economic ties between ASEAN countries and China have been increasing, while at the same time member countries have concerns about Beijing’s territorial claims to nearly all of the South China Sea. The two sides are to resume talks on a code of conduct for the waterway later this month in Indonesia.
ASEAN member-states Brunei, Malaysia, the Philippines and Vietnam have their own territorial claims to portions of the waterway that overlap with China. The South China Sea is one of the world’s busiest for shipping and a source for oil, natural gas and minerals.
While Indonesia does not regard itself as a party to the dispute, Beijing claims historic rights to parts of the sea overlapping its exclusive economic zone.
Hunter S. Marston, an Asia researcher at the National University of Australia, said news about the breach of ASEAN servers by Chinese-state-linked actors was “a serious breach of ASEAN’s trust.”
“This kind of behavior is equivalent to China’s predatory economic practices and there is a lot of strategic information that Beijing finds attractive – from negotiations on the Code of Conduct in the South China Sea to discussions on strategic partnerships with Australia or the United States,” Marston told BenarNews.
He predicted that in the short term, no ASEAN member-state would risk damaging its relationship with China.
“But in the long term, it will undoubtedly add to the lack of strategic trust between ASEAN and China,” he said.
Similarly, Dewi Fortuna Anwar, co-founder of the Foreign Policy Community Indonesia, said such actions were counterproductive and would fuel suspicion toward China.
“It would be an unfriendly act toward ASEAN as a regional organization and its member states,” Dewi told BenarNews.
‘Shame such predatory behavior’
Muhammad Thufaili, a researcher at the Artificial Intelligence and Cybersecurity Research Center in Indonesia, cited Southeast Asia’s growing prosperity as a reason it has become attractive to hackers.
“ASEAN has become a target because the region is growing rapidly economically,” Thufaili said.
China has been a big partner for Southeast Asian nations, owing to its geographic proximity, and therefore has been ASEAN’s largest trading partner for 12 consecutive years. China’s trade with ASEAN in 2020 trade reached nearly U.S. $517 billion, according to ASEAN data, while U.S-ASEAN trade stood at $362 billion.
Washington is playing catch up, having launched the Indo-Pacific Economic Framework for Prosperity deal in May 2022. Initial partners included initial partners, including seven of 10 member-states of ASEAN.
Beijing was not happy. It called the framework an attempt by Washington to lure Southeast Asian countries to “decouple from China.”
The Wired article suggested that Chinese-state linked cyber theft could be on the rise with the U.S. increasing its focus on Asia.
Analyst Marston said that while ASEAN should form a united response to this cyber breach, it is “highly unlikely” to happen.
“That said, individual ASEAN states should broadcast China’s violation and appeal to international legal norms in order to name and shame such predatory behavior,” he said.
Another cyber security analyst, though, injected a note of caution, saying China should not be blamed without solid evidence.
“We should refrain from pointing out who is guilty of doing espionage,” said Fitriani, a security analyst at the Jakarta-based Centre for Strategic and International Studies, who uses one name.
“Since 2015 there have been advanced persistent threats targeting ASEAN member states and ASEAN Secretariat suspected to be from China because at that time the Philippines brought China to an international tribunal regarding the South China Sea dispute.”
Fitriani suggested ASEAN strengthen cybersecurity measures through standardizing training, systems and encryption, updating security protocols regularly, raising awareness among users of sensitive information and enhancing capacity building across critical infrastructure sectors.
Indonesia’s Thufaili said there was little cybersecurity cooperation at among ASEAN members.
“Right now, cooperation appears to be at the level of policy coordination only and not at the level of CERTs (Computer Emergency Response Teams) that are fully operational,” he said.
ASEAN launched a Cybersecurity Cooperation Strategy document in 2017 as a roadmap for regional cooperation to achieve a secure cyberspace.
The document has been updated for the period 2021 to 2025 and focuses on strengthening governance and resilience as well as innovation.
Murugason R. Thangaratnam, chief executive of Malaysian cybersecurity company Novem CS, said he hoped the latest document would focus on sharing ideas and stories.
“Cross-border cooperation is key,” he told BenarNews.
“We need to have the mentality of them against us. Good guys versus bad guys.”
Tria Dianti, Arie Firdaus and Nazarudin Latif in Jakarta and Iman Muttaqin Yusof in Kuala Lumpur contributed to this report.
This article originally appeared in Benar News
The views expressed above belong to the author(s)