
Cyber invasion
Likely targeted by massive spying operations with the use of the internet, the Philippines has entered a conflict that it needed to confront immediately even ahead of threats transpiring in the real world.

The United Kingdom cyber security firm Sophos conducted comprehensive research on intrusions that are highly likely to have been coordinated by a state against a prominent agency of a Southeast Asian nation.

The information provided in the report gave away the Chinese target, saying that the espionage is related to the South China Sea conflict, which points to the Philippines.

Sophos gave a worrying account of the hacking operations to obtain vital military information that the UK firm labeled the Crimson Palace project.

Crimson Palace is a long-running hacking operation by Chinese state actors that lasted from at least early 2022 until December 2023.

According to the Sophos report, a substantial part of the operations remains active, suggesting an evolving campaign.

The sophistication of the virtual intrusions has advanced to the point of making them hard to detect. A cyber expert said that Chinese espionage through the cyber world “was once noisy and easily trackable.”

But now, the expert said, “This is a new type of adversary.” The UK research pointed to several reasons to suspect that the cyber espionage is state-sponsored.

One of the factors it pointed out is that the infiltration happens during office hours in Beijing, from 8 a.m. to 5 p.m., Monday to Friday, suggesting a structured effort.

The hackers also operate in “clusters,” since the report observed distinct variations in the timing of their operations.

“The clusters appear to schedule activity around one another, lending evidence the threat actors in the clusters may be aware of the other’s activities.”

The overall goal was to maintain access to the network of the unnamed country for cyberespionage in support of Chinese state interests.

“This includes accessing critical IT systems, performing reconnaissance of specific users, collecting sensitive military and technical information, and deploying various malware implants for command-and-control (C2) communications.”

An Armed Forces of the Philippines (AFP) insider has said the fragmented online operations of the government in the absence of a broadband backbone became a strength amid the attempts to steal information.

Since the government sites are not linked to each other, hackers do not gain automatic entry to the whole government system.

China, however, has a substantial influence on the utility infrastructure of the Philippines, and some experts suggest that vital services could be manipulated remotely.

Before the Sophos report, independent cyber security groups had raised alarm over the increase of malicious online activities in the Philippines.

At least eight government and military entities have been compromised in recent years by a group allegedly aligned with Chinese interests, a new report has found.

The researchers usually hide the identity of the countries that the Chinese hackers have been trying to access, but the circumstances in their report always point to the Philippines, which has among the weakest defenses against online attacks in the region.

For nearly five years, hackers compromised and repeatedly regained access to systems used by the government, according to researchers from Bitdefender.

The researchers connected the activity to a previously unknown threat actor but noted that the “targets and nature of the attacks suggest alignment with Chinese interests.”

The primary goal of the campaign, they said, appears to be espionage.

Bitdefender initially struggled to determine how the hackers gained entry to some systems, because many of the attacks began at least five years ago, but it confirmed at least one method: spearphishing emails.

Emails, some of which were sent as recently as May 2023, had malicious documents attached that installed a backdoor on their victims’ systems, allowing the hackers to return whenever they chose.

Once inside, the group used several tools to expand its access to a network and often took over administrator accounts to gain further access.

Truly scary is that the hackers, state-sponsored or not, appear to be looking for ways to take control of the country silently and without firing a shot.
