By Jia Feimao
A sophisticated cyberattack on South Korea's largest telecom provider has exposed a new front in China's digital offensive against US allies.
Hackers used a stealth malware tool known as the "BPFdoor" (Berkeley Packet Filter door), a hallmark of Chinese state-backed groups, to breach SK Telecom's network and steal vast amounts of user data, according to a Chosun Ilbo report on June 7.
The almost three-year-long attack, which SK Telecom discovered in April, was part of a broader surge targeting Japan, South Korea and Taiwan. It indicates an aggressive push by Beijing's cyber operatives to pressure key players along the strategic first island chain in the Western Pacific.
Meanwhile, a study published in May by US cybersecurity firm Proofpoint revealed that Chinese-speaking hackers have used a phishing toolkit named CoGUI against Japanese organizations.
Those hackers impersonate well-known consumer brands and financial institutions to steal user passwords, payment data and other sensitive information for financial gain, then reinvest the illegal profits in Chinese stocks and other assets.
Taiwan, often described as a training ground for hackers to victimize, is especially familiar with cyberattacks from China.
The average number of daily attacks on Taiwan's government internet services reached 2.4 million in 2024, more than double the 1.2 million daily average in 2023, according to an analysis published by Taiwan's National Security Bureau on January 5.
Taiwanese investigators attributed the majority of these to Chinese cyber forces.
The most significant increase in attacks by Chinese cyber forces occurred in communications, transportation and defense supply chains, the report said.
During China's 2024 military exercises directed at Taiwan, Chinese cyber forces employed distributed denial-of-service (DDoS) attacks as one of their methods. These attacks targeted Taiwan's transportation and financial institutions in an effort to "intensify harassment and expand military intimidation," the report said.
Targets for Beijing
Hacker groups backed by or affiliated with the Chinese government have long been a major concern for various countries.
"All of China's cyberattacks are aimed at supporting the Chinese Communist Party's long-term political, economic and military objectives," Tu Chen-yi, assistant research fellow at Taiwan's Institute for National Defense and Security Research, told Focus.
In the context of US-China relations, "Chinese hackers' targets will certainly not be limited to the United States," she said.
"Naturally, Washington's allies -- Taiwan, Japan and South Korea, all located along the first island chain in the Pacific -- have ... become targets for Beijing's attempts to create chaos."
"Even Mongolia, which maintains relatively friendly ties with China, has not been spared," she said.
After Mongolia held its first strategic dialogue with the United States last July, hackers struck its Ministry of Defense a month later -- likely RedDelta, a Chinese government-backed group, according to Tu.
RedDelta used fake documents to carry out attacks on Taiwan and Southeast Asian countries from July 2023 to December 2024 and likely hacked the Communist Party of Vietnam's electronic systems last November, according to cyber threat intelligence firm Insikt Group.
Criminal activity
Hacker groups supported by the Chinese government extort private companies and individuals for their own gain, Tu noted.
"After being tasked by Beijing, these hackers often expand their attacks beyond their original targets. This is because the stolen data can be sold on the dark web or used to seek rewards from Beijing," she said.
Because these hackers act as "proxies," the Chinese authorities cannot fully control their actions, she added.
"But as long as their activities do not violate China's national interests, Beijing naturally turns a blind eye."
China's increasingly unrestrained hackers have become an international concern, said Tu.
Democratic allies must support and cooperate with each other -- "not only to share effective experience, but also to build collective defense capabilities through technical collaboration," she said.