
Chinese hackers target Belt and Road projects, M'sia a likely victim, says cyber security firm


A Chinese Belt and Road project in Sri Lanka.


KUALA LUMPUR - Chinese state-sponsored hackers are targeting companies and countries involved in projects under China’s Belt and Road Initiative (BRI), and Malaysia could be a prime target, said an American cyber security firm on Wednesday (Aug 15).

The firm, FireEye, said that it had found indications that cyber espionage activities were increasing throughout Southeast Asia, as Chinese “advanced persistent threats” groups and others sought to gain information on BRI projects and deals.

“This includes both Chinese cyber espionage activity targeting countries in the region and other nation-state cyber operations targeting Chinese organisations,” it said.

China is also alleged to have targeted Belarus, the Maldives, Cambodia as well as European foreign ministries and non-governmental organisations.

“They appear to be interested in countries where there is a lot of money at stake for them or where policies are being created that would affect future projects,” said Sandra Joyce, FireEye's head of global intelligence operations.

Malaysia's recent political changes and its reassessment of China-backed projects put it at heightened risk of such activity, she told a media briefing.

"Malaysia is looking more and more like a typical target of Chinese state-sponsored cyber activity," she said.

"As Chinese investments continue to be scrutinised, that is going to be a motivator for groups ... to gain more intelligence and information on the future of these projects."

Malaysian Prime Minister Mahathir Mohamad, who took power after an election win in May, will be in China on Friday seeking to renegotiate and possibly cancel billions of dollars worth of Chinese-invested projects authorised by his predecessor, Najib Razak.

Dr Mahathir had earlier criticised the contracts for some of the projects as “unfair” and not viable.

China's BRI, unveiled in 2013, aims to develop a network of land and sea links with Southeast Asia, Central Asia, the Middle East, Europe and Africa.

China’s foreign ministry did not immediately respond to a request for comment but the country routinely denies accusations of involvement in hacking and says it is a main victim of it.

“Cyber espionage activity related to the initiative (BRI) will likely include the emergence of new groups and nation-state actors,” said FireEye, which has over 7,100 customers across 67 countries.

“Regional governments along these trade routes will likely be key targets of various espionage campaigns,” it added, noting that apart from China, rising regional cyber actors such as Vietnam have been willing to employ their espionage capabilities against foreign corporations conducting business inside their borders.

“Similarly, there may be a willingness for other nation-state actors to aggressively target private sector organisations contributing to BRI.”

Compounding the problem is the fact that companies in Asia Pacific take almost five times as long as the global median time to detect cyber attacks.

“One reason cyber espionage is prevalent in Southeast Asia is because most organisations are not able to detect the intrusion,” said Ms Joyce.

She said Malaysian targets could include any company or agency involved in a US$20-billion (S$27.6 billion) East Coast Rail Link project.

The 688-km project, linking Malaysia's west coast with ports in the east, has been suspended pending discussions over pricing and graft allegations.

Dr Mahathir's government also halted work on two projects worth more than US$2.3 billion awarded to the China Petroleum Pipeline Bureau.

The Malaysian prime minister's office did not immediately respond to a request for comment, while a spokesman for the foreign ministry declined to comment.

FireEye alleged that a Chinese hacker group called TEMP.Toucan has already tried to breach Malaysian public and private organisations.

Ms Joyce said its observations on Malaysia were in keeping with developments in other countries with major BRI interests such as Belarus, which has been targeted by a Chinese group called Roaming Tiger.

China is building its biggest European industrial park in Belarus.

“Belarus is likely seen as a key component in making inroads into Eastern Europe, and with upward of US$150 billion USD in projected funding riding on the overall success of the initiative, other strategic points, industries, and security organisation along the route will likely be targeted.”

FireEye also said malware “unique to Chinese espionage groups” attacked international non-governmental organisations with links to the BRI in late 2017 and that phishing emails with the Toysnake malware “previously used by multiple Chinese espionage groups” targeted multiple European foreign ministries at around the same time.

FireEye added that a China-based group identified as TEMP.Periscope had also interfered in a general election in Cambodia, breaching systems used by several Cambodian state agencies and political entities. 

Experts said that beyond monitoring the BRI projects or information gathering, China likely wants to use data collected to damp down dissent.

“It’s also about controlling debate and ideas where that has specific security and diplomatic consequences,” Samantha Hoffman, a research consultant at IISS, a think-tank, told The Financial Times.

According to Ms Hoffman, “data courier stations” in foreign countries including ecommerce platforms, Confucius Institutes, telecoms networks, transportation companies, hotels, financial payment institutions and logistics companies “would send data via back-ends to a centralised analysis centre in China”. AGENCIES
