PA RAIDS NPA HIDEOUT WHILE DATA THIEVES TARGET ASIA WITH AI ADS HIDING MALWARE TRAP AND SOUTH KOREA LAUNCHES EYE IN THE SKY WITH SAR SATELLITE AS TAIWAN/AUSTRALIA TEAM UP IN CYBERSECURITY INITIATIVE

April 4-10, 2024 | Issue 14 - PACOM and CICYBER Teams

Dan Flanagan, Janthe Van Schaik, Jayde Dorland, Mihai Marian Calinoiu, Prim Kanlayanarak

Alya Fathia Fitri, Anya Golend-Pratt, Editor; Evan Beachler, Senior Editor


Philippine Flag[1]


Date: April 4, 2024

Location: Barangay Laguio, Ragay, Camarines Sur, Philippines

Parties involved: Philippines; Philippine government; Philippine Army (PA); Lt. Gen. Roy Galido; Philippine Army spokesperson Col. Louie Dema-ala; Philippine improvised explosive device (IED) specialists; Philippine citizens; Philippine rural community leaders; armed wing of the Communist Party of The Philippines (CPP) New People’s Army (NPA)

The event: The PA engaged alleged members of the NPA at 0820 local time, according to Dema-ala. After the confrontation, PA forces recovered weapons, IEDs, and subversive documents. Galido and the PA are working to dissolve the armed group, stating, “We didn't let go, then the cooperation of local chief executives is very important so we get them. These are community outputs, this series of encounters.”[2] The PA is continuing to pursue NPA members in the region.[3]

Analysis & Implications: 

  • There is a roughly even chance the NPA will accuse local communities of cooperating with PA forces, likely considering the PA response if they attack rural areas. The NPA will very likely investigate which communities aided the PA, likely viewing these communities as potential threats and justifying their cause for retaliation. Community leaders will likely meet with NPA representatives, very likely ensuring that contact with the PA does not compromise NPA activities.

  • The PA will likely utilize the seized weaponry and subversive documentation to inform future offensive plans. The army will likely instruct IED specialists to examine the confiscated explosives, almost certainly informing PA generals of its components to enable counter strategies, including using counter-IED equipment, such as jammers and unmanned counter-IED systems. The PA will very likely view the seized documentation to uncover recent NPA rhetoric, notifying the government of its content to reinforce counter campaigns. Compiling the examination’s evidence will very likely bolster the PA’s operation to dismantle NPA presence in rural areas, likely advancing the timing of planned offensives and providing an operational advantage.

  • The Philippine government will very likely refocus efforts on increasing community interest in development, social cohesion, and economic output to deter NPA regional influence. They will almost certainly deploy a campaign highlighting government advantages, very likely underlining the lack of NPA resources critical for community development. Local populations will very likely see government efforts as an investment in improving quality of life, likely increasing government support and PA success.


Date: April 4, 2024

Location: Vietnam

Parties involved: Vietnam; China; South Korea; Bangladesh; Pakistan; Indonesia; Meta Platforms; Microsoft Corporation; Telegram Messenger; Google; OpenAI; Midjourney; Vietnamese financially-motivated threat actor, Coral Raider

The event: Coral Raider has been targeting India, China, South Korea, Bangladesh, Pakistan, Indonesia, and Vietnam with Rotbot payloads to steal financial and personal data.[4] Malicious actors are impersonating AI platforms in malvertisement campaigns by incorporating malware in online advertisements through intrusive stealers that collect credentials and financial data when the target clicks on the sponsored advertisement.[5]

Analysis & Implications:

  • Fake social media pages used for malvertising campaigns and cyber-attacks will almost certainly continue to grow as AI capabilities expand and deepfake quality increases. Malvertising campaigns almost certainly increase the spread of disinformation, likely attempting to influence elections worldwide and steal personal information such as credentials and financial data. Hackers will likely expand phishing techniques by creating AI-modified audio deepfakes and adapting the malicious payload to avoid detection.

  • Social media platforms will very likely encourage users to implement additional security measures such as Multi-Factor Authentication (MFA) and deactivate inactive accounts to avoid unauthorized access by threat actors. The Facebook Protect security feature will likely provide educational resources on monitoring, detecting threats, and identifying suspicious behavior on social media platforms. Meta and Google will very likely impose strict advertising regulations and systems for combating deepfakes to decrease threats of stream-jacking attacks or stealing personal information through malicious paid advertisements.


Date: April 7, 2024

Location: Florida, USA

Parties involved: South Korea’s Ministry of National Defense (MND); South Korea’s Minister of National Defense Shin Won-sik; South Korea’s Agency for Defense Development (ADD); USA; US aerospace company SpaceX; North Korea; North Korean People’s Army; North Korean media; North Korean citizens

The event: South Korea launched its second spy satellite, the ROK military reconnaissance satellite no.2, at approximately 1917 from the Kennedy Space Center; the satellite detached from the Falcon-9 launch vehicle at around 0857. The satellite communicated with foreign ground stations to confirm its successful orbit into space and that it was in good condition. MND states that the spy satellite will conduct space orbital tests, including calibration in the space environment under the supervision of the ADD, and carry out surveillance missions after military-supervised operational tests and evaluations. The launch of the satellite has secured the MND’s ability to reinforce its intelligence capabilities, which will strengthen its missile strike potential, reinforced by the satellite's use of Synthetic Aperture Radar (SAR) that can produce ultra-high-resolution imagery regardless of weather conditions or time of the day. Shin outlines the MND’s plans to launch follow-up military reconnaissance satellites and an ultra-small satellite currently under development by next year to give them intelligence superiority “that cannot be compared with North Korea.”[6]

Analysis & Implications:

  • South Korea will very likely increase cooperation with SpaceX beyond its 2025 contract, likely leveraging the US’ technological capabilities. They are unlikely to incentivize SpaceX to move operations of South Korean interests from the US, likely believing US-based launches add an extra layer of security. South Korea will likely diversify satellite types for future launches, very likely proposing future launches to include military and telecommunications devices to bolster existing aerospace espionage activities.

  • North Korea will very likely use the satellite launch to justify future missile tests and military exercises. North Korea will very likely launch its missiles at contested areas, such as the Sea of Japan, instigating South Korean counter-demonstrations to exemplify its disapproval of military intimidation. North Korea will likely display its incursion capabilities by holding military parades to exhibit its arsenal and exercises close to the border to demonstrate its readiness, very likely to heighten South Korea’s alertness and pressure the nation into scaling back its surveillance and intelligence ambitions.

  • North Korean media will almost certainly react to the satellite launch by pushing for an increase in nationalism, very likely distributing pro-regime propaganda across all forms of media. Spy satellite-propagandist themes will almost certainly proliferate North Korean television and radio channels, with the state very likely creating banners and posters with the same rhetoric to ensure narratives are received by all citizens. State media will very likely characterize South Korea and the US as aggressors who seek to undermine North Korea, likely calling for national unity to deter foreign influence.


Date: April 8, 2024

Location: Taiwan

Parties involved: President of Taiwan, Tsai Ing-wen; Taiwan; Australia; Australian parliamentarian delegation; China; Taiwan Semiconductor Manufacturing Company Ltd (TSMC)

The event: The meeting between President Tsai Ing-wen and the Australian parliamentarian delegation involved discussing cybersecurity cooperation efforts to safeguard critical infrastructure and promote regional stability.[7] With the increased cyber attacks on critical infrastructure and espionage attempts, Taiwan has bolstered the development of information and communication security and the protection of its electronic chips manufactured by TSMC, representing 90% of global production.[8]

Analysis & Implications:

  • Australia will very likely provide Taiwan with cyber security resources to safeguard critical communication and information infrastructure against Chinese cyber attacks. Chinese-backed cyber groups will likely target Australia to disrupt cooperation, likely increasing the frequency of attacks but very unlikely to stop the partnership between both countries. Other states in the PACOM region, like Japan and the Philippines, will likely increase collaboration with the US to protect critical infrastructure and maintain stability in regional cyberspace, with a roughly even chance of establishing a multinational cybersecurity collaboration system with Taiwan and Australia.

  • China is unlikely to target critical industries of Taiwan’s economy, such as semiconductor manufacturing, due to their importance to China’s electronics factories, which are very likely protecting the global electronics supply chain. The economic security of Taiwan is likely to increase in steady cooperation with Australia, which will almost certainly improve national security in the case of a multinational collaboration system established in the region. The cooperation will likely allow semiconductor manufacturers and critical financial institutions to prevent Chinese cyber threats by utilizing shared threat intelligence on specific and imminent exploits.

 

[2] PH Army clashes with NPA rebels in Ragay, Camarines Sur, ABS-CBN News, April 2024, https://news.abs-cbn.com/regions/2024/4/5/ph-army-clashes-with-npa-rebels-in-ragay-camarines-sur-1333 (Translated by Dan Flanagan)

[3] Ibid

[4] Vietnam-Based Hackers Steal Financial Data Across Asia with Malware, The Hacker News, April 2024,  https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html 

[5] Ibid

[6] Successfully launched the second reconnaissance satellite of the ROK military, securing the military's first SAR satellite, strengthening the all-weather surveillance capability against North Korea, Ministry of National Defense, April 2024, https://www.mnd.go.kr/user/newsInUserRecord.action?siteId=mnd&page=1&newsId=I_669&newsSeq=I_62434&command=view&id=mnd_020500000000&findStartDate&findEndDate&findType=title&findWord&findOrganSeq 

[7] Australian lawmaker visiting Taiwan broaches sensitive topic of security cooperation, Reuters, April 2024, https://www.reuters.com/world/asia-pacific/senior-australia-lawmaker-broaches-security-cooperation-taiwan-trip-2024-04-08/ 

[8] On the ballot in Taiwan: The global microchip supply chain, Politico, January 2024, https://www.politico.eu/article/taiwan-election-china-independence-microchips-industry-geopolitics/ 