Watch out: 4 PH gov’t agencies among prime targets of ‘China-sponsored’ spies, says US cyber firm


At least four Philippine government agencies were persistently targeted by hackers conducting cyber espionage operations across Southeast Asia which are believed to be sponsored by the Chinese government, a cybersecurity company based in the United States has revealed.

Civilian boats deliver supplies to Filipino soldiers stationed at BRP Sierra Madre in Julian Felipe Reef. (Photo: Department of National Defense Secretary Delfin Lorenza)

Recorded Future’s Insikt Group said it has been tracking Chinese state-sponsored cyber espionage operations targeting government and private sector organizations across Southeast Asia which are suppsoedly done to support the expansion of Beijing's regional power.

They found out that among those included in the hit list of the spies were the Philippine Navy (PN), Armed Forces of the Philippines (AFP), Presidential Management Staff, and the Department of Foreign Affairs (DFA).

“The identified intrusion campaigns almost certainly support key strategic aims of the Chinese government, such as gathering intelligence on countries engaged in South China Sea territorial disputes or related to projects and countries strategically important to the Belt and Road Initiative (BRI),” the Insikt Group said in a report released last December 8.

On the part of the security sector, the AFP and PN have yet to issue a formal statement on the matter.

However, two military officers contacted by the Manila Bulletin said the issue will be discussed with “cognizant staff who has purview over the matter.”

Recorded Future said that it is "the world’s largest provider of intelligence for enterprise security" with clients that are over 1,000 businesses and government organizations worldwide.

Cyber espionage

According to the American cybersecurity firm, hackers sponsored by the Chinese government have “traditionally been highly active” in targeting rival claimants in the South China Sea as its operational tempo often mirrors increased geopolitical tensions.

(Screenshot from Recorded Future's Insikt Group report)

Aside from the Philippines, similar cyber espionage operations have also been detected in Malaysia, Indonesia, Vietnam, Myanmar, Laos, Thailand, Singapore, and Cambodia.

“For instance, escalating tensions related to China’s development of artificial islands containing port facilities, airstrips, and military buildings within the disputed Spratly Islands archipelago reportedly led to increased activity from Chinese state-affiliated groups in 2015,” Insikt Group said.

“This activity entailed reconnaissance and phishing campaigns targeting rival claimants throughout the development of the artificial islands, which intensified as the PRC’s progress was increasingly reported in local media throughout the region,” the firm said.

Spratly Island Group, also known as the Kalayaan Island Group, houses Kalayaan municipality including Pag-asa (Thitu) Island, the biggest Philippine outpost and one of the country’s nine detachments in the West Philippine Sea (WPS).

But as early as 2012, China has militarized the island group as it built at least seven artificial islands and outposts in Spratlys.

These are in Bajo de Masinloc or Panatag (Scarborough) Shoal, Burgos (Gaven) Reef, Calderon (Cuarteron) Reef, Kagitingan (Fiery Cross) Reef, McKennan (Hughes) Reef, Panganiban (Mischief) Reef, and Zamora (Subi) Reef.

They stealthily succeeded in claiming ownership of these areas by spying on them, according to Insikt Group.

“We attribute this activity to a Chinese state-sponsored group that we track as Threat Activity Group 16 (TAG-16). We also identified evidence suggesting that TAG-16 shares custom capabilities with the People’s Liberation Army (PLA)-linked activity group RedFoxtrot,” it said.

In March this year, the National Task Force for the West Philippine Sea (NTF-WPS) monitored an increased presence of PLA-Navy, maritime militia, and fishing vessels in the vicinity waters of Julian Felipe Reef in the WPS, located approximately 175 nautical miles from Bataraza, Palawan and within the country’s 200 nautical mile exclusive economic zone (EEZ).

More than 280 Chinese vessels were found moored in line formation near the reef. The intention of the vessels were never clearly established.

Several other incidents of Chinese vessels spotted in the Philippines’ territory were recorded, but the latest incident which happened last month elicited a strong reaction from President Duterte – the blocking of civilian supply boats that were en route to Ayungin (Second Thomas) Shoal.

The incident happened on November 16 when three Chinese Coast Guard vessels fired water cannons on two Philippine civilian boats that were supposed to deliver food and other supplies to soldiers stationed at BRP Sierra Madre in Ayungin Shoal.

“We abhor the recent event in the Ayungin Shoal and view with grave concern other similar developments. This does not speak well of the relations between our nations and our partnership,” Duterte said in a speech at the ASEAN-China Special Summit on November 22.