Preparing For A South China Sea Cyber Storm

Uploaded on 2024-07-04 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-Defence, FREE TO VIEW

As tensions between China and the US heat up, strategic moves are gaining traction that will inevitably have repercussions on the Western world for generations.

However, the world must be aware that as the geopolitical landscape continues to fracture, cyberspace will almost certainly act as a second front for nation states to achieve their agendas, potentially impacting global businesses across the industry spectrum.

The perceived threat posed by Beijing is manifested by the territorial disputes between China with both Japan and the Philippines respectively, with the former regarding the Senkaku Islands in the East China Sea and the latter pertaining to Second Thomas Shoal, located close to the coast of the Philippine Island of Palawan. Taiwan also plays a critical role with China bent on reunification with the island.

However, Beijing cannot realistically invade Taiwan without encountering the Philippines or Japanese bases. Why?

Primarily because there is a proximity of less than a few hundred miles of water separating Philippine and Japanese territory from Taiwan. Further, both the Philippines President Ferdinand Marcos Jr and the Japanese Prime Minister Fumio Kishida have publicly stated that peace in Taiwan is essential to their respective national security postures.

Has China United A Tri-Lateral Faction? 

US President Joe Biden and his counterparts, Kishida and Marcos Jr., held the first-ever U.S.-Japan-Philippines trilateral summit on April 11th, highlighting the importance of the US Indo-Pacific Strategy, with the leaders pledging to pursue a free and open Indo-Pacific “for decades to come.”

A recently formed trilateral US-Japan-Philippines relationship is not the only faction threatening Chinese interests these days as the US, Japan and South Korea have also enhanced their defense cooperation; whilst Tokyo is strengthening security ties with the Southeast Asian thorn in the side of Beijing, that is Vietnam. 

An Artificial Chinese Response? 

The current Biden administration will likely view this new partnership as a method of withstanding potential leadership changes in the upcoming US Presidential Election in November. However, we have assessed that this will likely face serious challenges from cyber actors across the Far East.  

Beijing’s increasing interest in the Taiwan Strait will likely result in surging Chinese state cyber actor operations throughout the period leading up the November 5th US Presidential Election as a potential conflict in the region could be influenced by Washington’s desires to preserve stability in the area.

We have assessed that aggressive social media disinformation operations will likely target US businesses and government officials to shape the global information domain in favor of Chinese interests.

These nation state-level offensive protocols will likely impact the technology sector with China demonstrating increasing levels of sophistication including the incorporation of generative artificial intelligence (GenAI) technologies, that would allow for scaled campaigns, resulting in social tensions and the erosion of confidence in US-based establishments. 

Impacted Western Sectors 

As China inches closer to its intelligence gathering objectives, its state actors have pivoted to a more destructive posture by launching cyber-attacks, including a recent Volt Typhoon operation, against US-based critical national infrastructure and military assets in what we have assessed to likely be a pre-positioned attack against Western infrastructure as a precursor for any potential military conflicts with Washington and to disrupt communications between the US and its allies within East Asia, including Taiwan and Japan. This could potentially deter US military engagements by delaying US decision making, inducing societal panic, and interfering with the deployment of US forces.

We have assessed that these offensive efforts will likely spill over into the education, energy, finance, government, and healthcare, as well as the aerospace and defense verticals. 

Defense Strategies 

Based on the attack chain that we have detected to have been incorporated by Chinese sponsored cyber forces, the Quorum Cyber Threat Intelligence team strongly recommends that organizations implement the following defensive measures to strengthen operational resilience: 

Initial Assessment 

  •  Assess the organization’s current security posture and implement Cybersecurity Performance Goals (CPGs) to bolster resilience.  
  • Establish a baseline normal host behavior and user activity to detect anomalous activity on endpoints when reviewing logs. 

Mitigate Risk 

  • Prioritize logging (e.g., command-line interface “CLI”) and close and/or monitor high-risk ports (e.g., Remote Desktop Protocol, Server Message Block).
  • Establish the principle of least privilege by isolating privileged administrator actions and locations to a manageable subset of locations, where effective baselines can be established.

 
Craig Watt is a Threat Intelligence Consultant at Quorum Cyber  

Image: Ideogram

You Might Also Read: 

Cyber Aftermath From The Airstrike On Syria’s Iranian Consulate:  

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Rising AI Security Threats To Small Businesses
Taiwan Targeted In Espionage Campaign »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

TechArch

TechArch

TechArch helps customers to optimize their investments in cybersecurity by providing them independent and vendor-neutral consultation and guidance.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

ThreatReady Resources

ThreatReady Resources

ThreatReady reduces an organization’s risk by delivering cyber security awareness training based on the latest, state-of-the-art learning science to effectively drive long-term cyber-safe behavior.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Rakuten Maritime

Rakuten Maritime

Rakuten Maritime is your trusted partner in maritime cybersecurity, offering comprehensive and proactive solutions tailored to every stage of a ship’s life cycle.

Cytracom

Cytracom

Cytracom delivers powerful yet intuitive solutions that enable MSPs and ITSPs to meet the challenges of security, compliance, and connectivity.