Microsoft: China Group Hacking Asian Telecom Phone Records

Attacks Spike in 2023, Targeting Governments, Militaries, Infrastructure

Microsoft said Chinese state-affiliated groups have stepped up cyberattacks in 2023 against countries in the South China Sea region - even hacking telecom firms to steal call records for cyberespionage. The most active group, Raspberry Typhoon, targets governments, militaries and infrastructure.

Microsoft researchers said Raspberry Typhoon, also known as APT30 and Radium, targets organizations related to national defense, trade and the economy with malware attacks aimed at collecting intelligence for the Chinese state.

Attackers, for example, hacked billing servers at telecommunications companies to continually access "call detail record data, as well as key network components such as the domain controllers, web servers and Microsoft Exchange servers," Microsoft said.

The researchers said the increase in attacks mirrors growing political tensions in the region. "Chinese state-affiliated threat actors show continued interest in the South China Sea and Taiwan, which reflects China's wide range of economic, defense and political interests in this region," they said. "Conflicting territorial claims, rising cross-Strait tensions and an increased U.S. military presence may all be motivations for China's offensive cyber activities."

According to Mitre, Raspberry Typhoon is similar to another Chinese APT group known as Naikon, though some of the group's attack tools and techniques differ. Naikon, first observed by threat researchers in 2010, mainly targets ASEAN countries and is associated with the Chinese People's Liberation Army's Second Technical Reconnaissance Bureau.

Microsoft said Flax Typhoon, also known as Storm-0919, is the most active threat group in Taiwan this year. The researchers said it targeted telecommunications, education, information technology and energy infrastructure using custom VPN appliances to establish a presence in targeted networks.

The threat group, according to Microsoft's assessment, also collaborated with fellow Chinese group Charcoal Typhoon, also known as Chromium, to target Taiwanese educational, energy and manufacturing sectors, particularly aerospace companies working with the Taiwanese military.

About the Author

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.
