The Cyber Defense eMagazine January Edition for 2024

over of this expanse dwarfs Russia’s attempted annexation of Ukraine – to a tune of five times – but was
rejected by the Permanent Court of Arbitration at The Hague in 2016.
From the People’s Liberation Army’s perspective, the United States has no business being anywhere
near the Taiwan Strait, Thomas Shoal, or anywhere within region of the ten dash line, where China claims
territory. For that reason, we should restrain our expectations as to the real beneft of the recent talks.
Given Chinese actions, we can rest assured that this will be tested soon. However, we should not expect
either the US-China Defense Policy Coordination Talks or the US-China Military Maritime Consultative
Agreement to fundamentally alter the trajectory of events in the second Thomas Shoal.
The Cyber Perspective
The Asia–Pacific region is host to the most prolific users of cyber as a tool of statecraft, with China being
the undisputed largest state sponsor of cyber attacks in the world. Many tensions in the region
(exacerbated by extra-regional powers like the U.S.) have the potential to escalate into conflict, and most
likely take place in cyberspace.
While Beijing was stirring up trouble in the Philippine Sea, the China-affiliated APT; Mustang Panda, has
been attacking governmental organizations in Manila. Researchers have also attributed three other
campaigns from this summer, primarily singling out organizations in the South Pacific to the same
Chinese APT. The campaigns leveraged legitimate software including Solid PDF Creator to sideload
malicious files which cleverly impersonated legitimate Microsoft traffic for command-and-control
connections.
Mustang Panda, also tracked under the name Bronze President, has been active since at least 2012,
orchestrating cyber espionage campaigns targeting both non-governmental organizations and
government bodies across North America, Europe, and Asia. This year, Mustang Panda and other APTs
have been focused on countries surrounding the South China Sea, where China presses territorial claims
on countries like the Philippines, Vietnam or Indonesia, as well as on the United States, with which China
is in conflict over primacy in the region and global affairs as a whole. Guam; a US territory in the Western
Pacific that is home to significant US military bases, has allegedly been targeted.
A joint advisory from all Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and
the United States) reported a major Chinese cyberespionage operation that has reportedly succeeded in
penetrating a range of US critical infrastructure sectors earlier this year. The attack is attributed to a
Chinese APT known as Volt Typhoon, a group that has been active for at least two years. The industries
of communications, manufacturing, utilities, transportation, construction, maritime industries,
government, information technology, and education have all become targets of the observed campaign.
The threat actor has likely been trying to conduct espionage and keep access without being discovered
for as long as feasible, according to the observed behavior.
Just recently, the Five Eyes issued another warning against, use of artificial intelligence in large scale
Chinese hacking campaigns, given AI‘s potential to amplify and augment the threat. Chinese hackers
have been mainly focusing on the defense industrial base, successfully compromising the networks of
contractors to the Pentagon’s U.S. Transportation Command 20 times in a single year, while many other
Cyber Defense eMagazine – January 2024 Edition 180
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.