China mercilessly hacks its neighbors
In May 2022, Joe Biden was on a charm offensive. The US president invited the leaders of 10 Southeast Asian nations to the White House for the first time for talks on the region, which is home to more than 600 million people. High on the agenda was China – a key trading partner for all countries, but also a potential threat to their stability. Biden pledged $150 million in additional support to the nations to help improve their security, infrastructure and ongoing pandemic response.
However, in the weeks leading up to the meeting, according to a cyber security alert seen by WIRED, hackers working on behalf of China stole thousands of emails and sensitive details from the Southeast Asian nations. The cyber espionage, which has not been previously reported, is the latest in a series of incidents in which Chinese-linked hackers have quietly compromised neighboring countries to gain political and economic information.
According to the cybersecurity alert, Chinese-affiliated hackers managed to break into email servers operated by the Association of Southeast Asian Nations (ASEAN) in February 2022 and steal a bunch of data. The ASEAN Organization is an intergovernmental body made up of 10 Southeast Asian countries, including Singapore, Malaysia and Thailand. This was the third time the organization has been compromised since 2019, the document says.
The hackers were able to steal “gigabytes” of emails sent by ASEAN countries, and the data was stolen “daily,” according to the cybersecurity alert. The attackers are believed to have stolen more than 10,000 emails, amounting to more than 30GB of data. The incident “affects all ASEAN members due to correspondence that was compromised,” the alert said. The alert was sent to cyber security agencies, foreign ministries and other government organizations in all 10 ASEAN member states.
Haji Amirudin Abdul Wahab, chief executive of CyberSecurity Malaysia, an agency under the country’s Ministry of Science, Technology and Innovation, says it received the alert in 2022, alerted officials in the country, and generally condemns hacking. Other affected nations declined to comment or did not respond to WIRED’s request for comment. The ASEAN group itself did not respond to repeated requests for comment.
China’s embassy in the United States did not immediately respond to a request for comment.
Amplified voices, silent theft
“ASEAN is very important as the most important regional grouping, not only in Southeast Asia but also beyond,” says Susannah Patton, director of the Southeast Asia program at the Australian think tank Lowy Institute. Patton explains that ASEAN helps coordinate Southeast Asian policy across a range of different areas. “Even outside of Southeast Asia, ASEAN has an important role because it convenes or organizes other major regional summits,” says Patton. As a result, the data it holds can be useful in understanding political sentiment in the region.
ASEAN helps “amplify” the voices of the 10 member countries involved in it, says Scot Marciel, an Oksenberg-Rohlen Fellow at Stanford University and former US ambassador to Indonesia and Myanmar. The group holds both formal meetings and informal talks, says Marciel, and will discuss everything from economic integration and infrastructure plans to trade negotiations and geopolitics. “These would be things I think Beijing would be interested in,” says Marciel.
