Microsoft: China Group Hacking Asian Telecom Phone Records
Attacks Spike in 2023, Targeting Governments, Militaries, Infrastructure
Microsoft said Chinese state-affiliated groups have stepped up cyberattacks in 2023 against countries in the South China Sea region - even hacking telecom firms to steal call records for cyberespionage. The most active group, Raspberry Typhoon, targets governments, militaries and infrastructure.
Microsoft researchers said Raspberry Typhoon, also known as APT30 and Radium, targets organizations related to national defense, trade and the economy with malware attacks aimed at collecting intelligence for the Chinese state.
Attackers, for example, hacked billing servers at telecommunications companies to continually access "call detail record data, as well as key network components such as the domain controllers, web servers and Microsoft Exchange servers," Microsoft said.
The researchers said the increase in attacks mirrors growing political tensions in the region. "Chinese state-affiliated threat actors show continued interest in the South China Sea and Taiwan, which reflects China's wide range of economic, defense and political interests in this region," they said. "Conflicting territorial claims, rising cross-Strait tensions and an increased U.S. military presence may all be motivations for China's offensive cyber activities."
According to Mitre, Raspberry Typhoon is similar to another Chinese APT group known as Naikon, though some of the group's attack tools and techniques differ. Naikon, first observed by threat researchers in 2010, mainly targets ASEAN countries and is associated with the Chinese People's Liberation Army's Second Technical Reconnaissance Bureau.
Microsoft said Flax Typhoon, also known as Storm-0919, is the most active threat group in Taiwan this year. The researchers said it targeted telecommunications, education, information technology and energy infrastructure using custom VPN appliances to establish a presence in targeted networks.
The threat group, according to Microsoft's assessment, also collaborated with fellow Chinese group Charcoal Typhoon, also known as Chromium, to target Taiwanese educational, energy and manufacturing sectors, particularly aerospace companies working with the Taiwanese military.