Microsoft Reveals China Spying on Strategic Partners, Including Indonesia
Illustration. Cyber espionage operations are suspected to have been carried out by China against Indonesia. (iStock/gorodenkoff)
Jakarta, CNN Indonesia -- Cyber espionage operations allegedly carried out by China have targeted not only the US but also a number of Asia Pacific countries and even its strategic trading partners, such as Indonesia.
According to the Microsoft Digital Defense Report 2023, China's state-sponsored campaign "reflects the Chinese Communist Party's (CCP) dual efforts to gain global influence and intelligence gathering."
"China is also targeting its strategic partners," Microsoft wrote.
As it expands its global influence through the Belt and Road Initiative (BRI), China's cyber threat actors are simultaneously conducting cyber operations against private and public entities globally.
"They often target countries that align with the Chinese Communist Party's BRI strategy--including Malaysia, Indonesia, and Kazakhstan," Microsoft said. "And foreign ministries throughout Europe, Latin America and Asia to conduct economic espionage or intelligence gathering," the report continued.
Microsoft revealed that this intelligence collection was primarily related to countries involved in the South China Sea. The company owned by billionaire Bill Gates detected cyber incidents in the South China Sea attributed to Chinese state-sponsored hacking groups in the period July 2022 - June 2023.
According to data from Microsoft Threat Analysis Center investigations, the following countries were targeted by cyber espionage operations, listed with their incident counts:
- Taiwan (70+)
- Malaysia (30+)
- Philippines (20+)
- Indonesia (20+)
- Brunei (<20)
- Singapore (<20)
- Vietnam (<20)
"While China continues to focus on Taiwan, it is also interested in the plans, intentions, and capabilities of its neighbors," Microsoft said.
Hacker groups
Microsoft revealed that the sophisticated targeting campaign against the US, countries bordering the South China Sea, and strategic partners is aimed at intelligence gathering.
The company revealed five groups that were suspected of being sponsored by China, namely Volt Typhoon, Raspberry Typhoon, Flax Typhoon, Circle Typhoon, and Mulberry Typhoon.
The main threat groups in the South China Sea region itself are Raspberry Typhoon and Flax Typhoon.
Raspberry Typhoon targets Association of Southeast Asian Nations (ASEAN) government ministries, military entities, and corporate entities related to critical infrastructure, particularly telecommunications. The group conducts intelligence gathering using sophisticated spear-phishing campaigns to smuggle in its malware (malicious programs).
"Since January, the group has consistently targeted ministry-level entities related to trade, intelligence, and finance," Microsoft said.
"Flax Typhoon targets Taiwan's critical infrastructure including IT and medical-related entities, the defense sector, including contractors working with the US government, and media entities."
Flax Typhoon often gathers information about its targets, finds vulnerabilities, and then leverages custom VPN solutions to gain access and maintain persistence on the victim's network.
Commenting in June on a similar report from cybersecurity firm Mandiant, China accused the US of also carrying out cyber espionage operations against it by hacking university and company computers, as quoted by the AP.
In 2018, China's Foreign Ministry denied the "slander" from the US and other allies regarding economic espionage, and urged Washington to withdraw its accusations. "We urge the US side to immediately correct its wrong actions and stop its slander regarding internet security," the statement said, quoted by Reuters.
"The US's unwarranted criticism of China in the name of so-called 'cyber theft' is a form of blaming others when oneself is to blame, and constitutes self-deception."