Hackers based in Beijing are spying on individuals across the South China Sea.

A report reveals a vast espionage operation carried out by the Chinese authorities against several states in the South China Sea.

The Chinese Communist Party carefully monitors all activities of its neighbors in the China Sea. A report published on May 22, 2024 by the cybersecurity company Bitdefender reports a vast espionage campaign targeting the governments of states in the south of the Middle Kingdom. “ At least eight government and military entities in the South China Sea have been compromised in recent years by a group aligned with Chinese interests “, we can read in the file. Cyber experts do not give the names of the impacted countries. The main states in the region are the Philippines, Malaysia, Indonesia, Vietnam and Singapore.

These operations were attributed to a collective of hackers still unknown according to Bitdefender researchers, called “Unfading Sea Haze”, in French: “the eternal sea mist”.

The choice and multiplicity of targets correspond to a large-scale operation linked to Chinese policy in the region. Among others, malware, such as Gh0st RAT (a Trojan), previously attributed to Chinese malicious actors, was detected by the cybersecurity company.

Europe and the United States are not spared from cyber espionage

Bitdefender said it had difficulty knowing how hackers initially gained access to certain systems. However, experts have noted a common method in every infiltration attempt: the “spear phishing” campaign. Concretely, hackers gather information about their target before pretending to be those around them and deceiving them. Sometimes hackers steal the email account of a colleague or loved one, then initiate a chat with this false identity.

The hacker group offers to download an official document available on the European Union website to deceive the victim. // Source: ESET Research — An email usurping the European Union and sent by Chinese hackers during a previous campaign. // Source : ESET Research

The attachments contained malware to sneak into computers. The campaign in this region of the world has been going on for at least five years.

Asian countries are not the only ones in Beijing's sights, since Europe and the United States are regularly victims of agents of Chinese power. Last February, a Chinese surveillance and infiltration program with French targets was leaked on the web.

More recently, the British Ministry of Defense was the victim of a cyberattack of Chinese origin, according to local media. Hackers had infiltrated the payroll system to obtain the personal information of British soldiers. The Chinese authorities did not react to these revelations.