Chinese state sponsored-hacking group Billbug has breached government and defence agencies throughout Asia, as part of a major campaign that has been ongoing since March. The gang also infiltrated a digital certificate authority, which could lead to Billbug accessing huge amounts of secure internet traffic.
New research from security vendor Symantec says Billbug is known to focus on targets in Asian countries. “In at least one of the government victims, a large number of machines were compromised by the attackers,” the Symantec research says.
Chinese APT gang Billbug attacks Asian governments
The allegedly state-sponsored hacking gang has also been referred to as Thrip, Lotus Blossom, Lotus Panda and Spring Dragon, and has previously been accused of infiltrating organisations in Hong Kong, Macau, Indonesia, Malaysia, the Philippines and Vietnam.
Analysts at Symantec estimate that this particular campaign is predominantly for information gathering. “The targeting of government agencies is most likely driven by espionage motivations,” the report says. “The threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns,” it reads.
During the campaign, the gang also managed to infiltrate a digital certificate authority. Symantec found this particularly alarming: “The certificate authority was likely targeted in order to steal legitimate digital certificates,” its researchers said.
This would allow Billbug to “potentially use compromised certificates to intercept HTTPS traffic”, referring to the protocol used by secure websites.
Content from our partners
Symantec has not found any evidence of this yet, however, and says it has notified the certificate authority in question.
Sunak sees China as ‘systemic challenge’ to UK security
Chinese state-sponsored hackers are considered to be a threat to global security. Last month the head of the UK’s GCHQ Jeremy Fleming said that tech use by the Chinese government could represent a “huge threat to us all.”
Fleming said Beijing could use anti-satellite technology and central bank digital currency as weapons against its enemies abroad. Xi Jinping’s government seeks “to secure their advantage though scale and through control,” he said in a security lecture at the Royal United Services Institute think tank. “This means they see opportunities to control Chinese people rather than looking for ways to support and unleash their citizen’s potential. They see nations as either potential adversaries or potential client states, to be threatened, bribed or coerced.”
But after this tough talk on China and the threat it poses, Prime Minister Rishi Sunak appeared to row back on plans to officially categorise China as a “threat” to UK security which had been advanced by his predecessor Liz Truss, instead labelling it a “systemic challenge”.
“My view on China is straightforward,” Sunak said when speaking to reporters at the G20 summit in Bali. “I think that China unequivocally poses a systemic threat – well, a systemic challenge – to our values, and our interests, and is undoubtedly the biggest state-based threat to our economic security, let me put it that way.”
