November 15, 2022

Chinese state-backed hacking gang Billbug targets governments across Asia

Chinese state-sponsored hackers are gathering intelligence on other governments and could access secure websites.

By Claudia Glover

Chinese state-sponsored hacking group Billbug has breached government and defence agencies throughout Asia as part of a major campaign that has been ongoing since March. The gang also infiltrated a digital certificate authority, which could lead to Billbug accessing huge amounts of secure internet traffic.


Chinese government-sponsored hackers are attacking nation-state agencies throughout Asia. (Photo by katjen/Shutterstock)

New research from security vendor Symantec says Billbug is known to focus on targets in Asian countries. “In at least one of the government victims, a large number of machines were compromised by the attackers,” the Symantec research says.

Chinese APT gang Billbug attacks Asian governments

The allegedly state-sponsored hacking gang has also been referred to as Thrip, Lotus Blossom, Lotus Panda and Spring Dragon, and has previously been accused of infiltrating organisations in Hong Kong, Macau, Indonesia, Malaysia, the Philippines and Vietnam.

Analysts at Symantec estimate that this particular campaign is predominantly for information gathering. “The targeting of government agencies is most likely driven by espionage motivations,” the report says. “The threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns,” it reads.

During the campaign, the gang also managed to infiltrate a digital certificate authority. Symantec found this particularly alarming: “The certificate authority was likely targeted in order to steal legitimate digital certificates,” its researchers said.

This would allow Billbug to “potentially use compromised certificates to intercept HTTPS traffic”, the protocol used by secure websites.

Symantec has not found any evidence of this yet, however, and says it has notified the certificate authority in question.

Sunak sees China as ‘systemic challenge’ to UK security

Chinese state-sponsored hackers are considered to be a threat to global security. Last month the head of the UK’s GCHQ, Jeremy Fleming, said that tech use by the Chinese government could represent a “huge threat to us all.”

Fleming said Beijing could use anti-satellite technology and central bank digital currency as weapons against its enemies abroad. Xi Jinping’s government seeks “to secure their advantage through scale and through control,” he said in a security lecture at the Royal United Services Institute think tank. “This means they see opportunities to control Chinese people rather than looking for ways to support and unleash their citizens’ potential. They see nations as either potential adversaries or potential client states, to be threatened, bribed or coerced.”

But after this tough talk on China and the threat it poses, Prime Minister Rishi Sunak appeared to row back on plans to officially categorise China as a “threat” to UK security which had been advanced by his predecessor Liz Truss, instead labelling it a “systemic challenge”.

“My view on China is straightforward,” Sunak said when speaking to reporters at the G20 summit in Bali. “I think that China unequivocally poses a systemic threat – well, a systemic challenge – to our values, and our interests, and is undoubtedly the biggest state-based threat to our economic security, let me put it that way.”
