FireEye researchers are cautioning Malaysian organizations to be on the lookout for elevated cyberespionage attacks that could result from recent political developments concerning China's Belt & Road Initiative.
The “One Belt, One Road” or "Belt and Road Initiative" (BRI) is an ambitious, multi-year, $1 trillion USD endeavor to build land and maritime trade routes across Asia and parts of Africa into Europe to project China's influence across the greater region, according to an internal FireEye report provided to SC Media.
Researchers speculate the project will spawn cyberespionage activity on regional governments along these trade routes and will likely include the emergence of new threat groups and nation-state actors considering the geopolitical interests that will be affected by the endeavor.
“Malaysia's new government has called for renegotiation of the terms of some Belt & Road projects, which is likely to generate some uncertainty in parties interested in the outcome of these projects and other regional developments,” Sandra Joyce, vice president and head of global intelligence operations at FireEye. “We expect espionage activity against Malaysian organizations will increase in an attempt to gain insight into current events,” said in a release prepared for the firm's customers.
Joyce added that Malaysian organizations both in the public and private sector should take steps to strategically manage their risk by understanding who their potential enemies are and how they would likely target them.
Researchers speculate threat actors may look to use announcements on BRI progress as a lure material for phishing attacks and other future intrusions and have already witnessed indication of cyberespionage activity in areas concerning the project is increasing from regional and unattributed actors.
Activity has been spotted from a threat group dubbed “Roaming Tiger” which primarily focuses on targets in the former Soviet Union, targeting Belarus.
In addition, researchers have also seen TOYSNAKE malware targeting European entities, BANECHANT malware targeting the Maldives, LITRECOLA malware targeting Cambodia, SAFERSING malware targeting international NGOs, and TEMP.Periscope targeting maritime industry.