Chinese hackers have been targeting Southeast Asia since 2013

Research has revealed that Chinese state-sponsored hackers have been targeting at least six different cyber espionage campaigns in the Southeast Asian region since 2013. These hackers have changed how they operate over the last three years.

The report by Unit 42, the threat intelligence team of Palo Alto Network links major cybercrime campaigns to a Chinese hacker group called PKPLUG. The name hints the popular tactic that these Chinese hackers use for delivering PlugX malware inside ZIP files. These ZIP files are identified with the signature “PK”. The group has been seen installing backdoor Trojan implements on systems and mobile devices.

South Asian countries including Myanmar, Taiwan, Vietnam, and Indonesia are the main targets of the PKPLUG Group. Ever since the Chinese government started pouring resources to bring the change, the hackers have changed their techniques. They have built new methods to carry out hacks of iPhone and Android software, pushing their reach beyond email phishing campaigns.

Some of these hackers also target the ethnic minorities in China and their diaspora in other South Asian countries. Facebook and Twitter had taken down a large network of Chinese bots that was involved in spreading misinformation.

The improved abilities of these hacker groups have put them on par with Russian cyberunits. Google researchers have tracked attacks against iPhones. The software flaws found in these devices link to Chinese hackers. The vulnerability was being exploited to infect visitors of certain websites.

One of the recently discovered hacking campaign exploited flaws in Android OS as well. Several websites had been infected with the Android malware. There are a large number of victims from these hacking campaigns. The latest research peeks into PKPLUG’s activities.