Report: Chinese hackers infiltrate military and government entities around the South China Sea.

A recent report has found that at least 8 government and military entities around the South China Sea have been compromised by a hacking group allegedly aligned with the interests of the Chinese Communist Party (CCP).

According to the investigation report released on Wednesday, May 22, by Bitdefender Labs, a security software development company, systems used by high-level organizations in these countries have been compromised for at least five years, with the hackers repeatedly regaining access. The report did not specify which countries’ systems were compromised, nor did it mention whether these countries were aware of the incidents before Bitdefender’s investigation.

Bitdefender has named this previously unknown hacking group, which launched cyberattacks against South China Sea countries, “Unfading Sea Haze” and pointed out that “the targets and nature of these attacks indicate their alignment with the interests of China (CCP).” The report stated that the primary goal of these cyberattacks appears to be espionage.

The South China Sea is a fiercely disputed region: the CCP claims sovereignty over almost the entire South China Sea, disregarding sovereignty claims from the Philippines and other countries and ignoring international rulings that the CCP’s claims have no legal basis.

The hackers not only targeted areas related to the disputed region but also used various Gh0st RAT variants, a tool commonly used by Chinese hackers and extensively employed in espionage activities by CCP hackers.

Bitdefender stated that it is challenging to determine how the hackers initially breached these systems, as many attacks began at least 5 years ago, but it confirmed at least one method: spear-phishing emails.

These emails contained malicious documents that could install backdoors on victims’ systems, allowing the hackers to return at any time. Once inside a system, the group would use various tools to expand its access privileges on the network and often take over administrator accounts to gain more access.

The hackers also deployed several other types of malware to evade detection and collect browsing data, including passwords.

Bitdefender noted that this research aims to raise awareness of the ongoing threat posed by “Unfading Sea Haze” and underline the importance of enhancing cybersecurity practices. Additionally, the research adds to the record of extensive hacker attacks by the CCP on targets in Southeast Asia and the Pacific region over the past several years.