Skip to content

Chinese hackers observed targeting Southeast Asian government organisation

Chinese hackers observed targeting Southeast Asian government organisation
Security researchers have outlined a highly organised nation-state campaign engaging in reconnaissance and espionage against a high-level government organisation.

Table of Contents

Security researchers from Sophos have revealed a sophisticated nation-state campaign targeting a high-level government organization in Southeast Asia. The two-year-long campaign involved multiple clusters of Chinese state-backed hackers engaging in reconnaissance and espionage. The researchers uncovered three discrete clusters of Chinese threat actor activity, each using different tactics and tools. The most recent cluster, named Cluster Charlie, has been active between March 2023 and April 2024, and is still ongoing. According to Sophos, the hackers have exfiltrated a large amount of sensitive data for espionage purposes, including military and political documents and credentials. Paul Jaramillo, director of threat hunting and threat intelligence at Sophos, emphasized the aggressive development of cyber espionage operations in the South China Sea and warned organizations about the risks of focusing too much on any single Chinese attribution. To read the full article, a free membership is required.