In the Spotlight this Week:
- Cyber Spies Drop New Infostealer Malware on Government Networks in Asia
- Indonesia Set to Pass New Data Privacy Law After Spate of Leaks
- Philippine Senate Probes Large-scale Phishing Scams
- Cyber Warfare: China Attacks Force Taiwan to Bolster Cyber Defenses
- Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research
Hackers have been discovered conducting new cyber espionage activities focused on government entities in Asia, including state-owned aerospace and defense firms, telecom companies, and IT organizations. The threat actors were previously associated with the “ShadowPad” remote access trojan (RAT), and were found to have adopted dynamic-link library (DLL) search order hijacking to infect systems. The campaign is currently tied to the Chinese state-sponsored APT41 and Mustang Panda threat groups, based on malicious tools previously linked to these espionage campaigns.
Data operators in Indonesia could face up to five years in jail and a maximum fine of IDR 5 billion (USD 337,000) for leaking or misusing private information, according to a new data privacy bill set to be passed by the Indonesian parliament this week. Under the new law, institutions may collect personal data for specific purposes but must delete all records within a span of two years once that purpose has been fulfilled. The bill is part of a move to improve the nation’s cyber security, as the country forecasts its digital economy to grow by USD 146 billion by 2025 despite an increase in cyber breaches at companies and government institutions in the past year, including an alleged data leak of 105 million Indonesians.
The Philippine Senate has launched an investigation into large-scale phishing scams that aimed to steal passwords from mobile users for fraudulent transactions. The country’s two largest telecom providers, PLDT and Globe, have blocked more than 1 billion spam and suspicious text messages across both companies and have assured their 156 million mobile subscribers that their cyber security systems had not been breached. These phishing attempts surged during the pandemic as people increased their reliance on their mobile devices for shopping, food delivery orders, and banking.
Following heightened Chinese aggression, Taiwan has been beefing up its defense capabilities, including a 15% increase in defense spending next year. Following a spate of cyber attacks on Taiwanese infrastructure after Nancy Pelosi's visit, China has been launching its next wave of cognitive warfare on Taiwan, including extensive disinformation campaigns to unnerve Taiwanese citizens. Hacking and fake news activities will be ramped up amid rising pressure from China, especially as Taiwan draws closer to its local elections in November and presidential elections in January 2024.
An Iranian hacking group with ties to the Iranian government has been launching social engineering campaigns targeting individuals specializing in Middle Eastern affairs, nuclear security, and genome research. Cyber security researchers have been monitoring the threat group under the monikers APT42, Charming Kitten, and Phosphorus. The threat actors send out phishing emails that impersonate legitimate individuals at Western foreign policy research organizations in order to gather sensitive information on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC). However, this campaign differs from usual phishing attacks in that it uses a tactic called Multi-Persona Impersonation (MPI). MPI involves the use of multiple actor-controlled personas in the same email conversation to increase the likelihood that an individual will fall victim to the phishing email.