Is a tri-lateral cyber storm brewing in the South China Sea?

Tensions are heating up in the Far East

A summit is scheduled for Thursday 11th April 2024 where the US President Joe Biden, Japanese Prime Minister Fumio Kishida and Philippines President Ferdinand Marcos Jr, are set to discuss key topics, including the nation’s common concerns regarding China. Strategic thinking regarding a possible conflict over Taiwan will likely dominate the discussions within this emerging tri-lateral faction due to the following: 

• The Taiwan Relations Act obligating Washington to provide weaponry to defend Taipei 
• Both the Philippines and Japan being US defence treaty allies 
• The US military having a military presence in Japan as well as possessing base rights in the Philippines. 

As tensions between China and the US heat up, strategic moves are gaining traction that will inevitably have repercussions on the Western world for generations. However, the world must be aware that as the geopolitical landscape continues to fracture, current-day cyberspace will almost certainly act as a second front for nation states to achieve their agendas, potentially impacting businesses across the world operating within a vast number of industry sectors. 

What stands in the way of Beijing? 

The perceived threat posed by Beijing to these states is manifested in three key areas: Taiwan, the South China Sea, and the Japanese-controlled Senkaku Islands in the East China Sea. In the event of a conflict, China cannot realistically invade Taiwan without encountering the Philippines or Japanese bases. Why?  

Firstly, there is a proximity of less than a few hundred kilometres of water separating both the Philippines and Japan from Taiwan. Further, both Marcos and Kishida have publicly stated that peace in Taiwan is essential to their respective national security posture. I would be remised if I didn’t mention the term coined by former Japanese Prime Minister Shinzo Abe of Japanese interests in the region desiring to form a “free and open Indo-Pacific”, a modern-day mantra for US military presence in the region. This is a sentiment that was recently echoed by the Philippine President in which he states that the nation is “an important partner in maintaining a free and open Indo-Pacific region.” 

I haven’t even mentioned the fact that approximately 90% of Japan’s energy requirements are imported via the water surrounding Taiwan, tying Tokyo’s economic stability to Taipei’s autonomy, meaning that it is in Japan’s strategic interest to protect these sea lanes. 

Historical South China Sea dispute 

Both Japan and the Philippines have distinct territorial disputes with Beijing, the former’s regarding the Senkaku Islands in the East China Sea whereas the latter pertains to Second Thomas Shoal, located close to the coast of the Philippine Island of Palawan. 

China claims the shoal as its sovereign territory despite an international arbitration ruling otherwise, as this area is within the Philippines’ exclusive economic zone. Marcos has pledged not to submit to perceived intimidation from Beijing, whilst Washington has empathised that the mutual defence treaty with the Philippines covers Second Thomas Shoal and the forces involved. 

Regarding the Senkaku Islands, the US has also emphasised that they are covered by the US-Japan mutual defence treaty in response to Beijing maintaining a coast guard presence around the Japanese-controlled islands. 

Has China united a tri-lateral faction? 

Under the presidency of Rodrigo Duterte, Marcos Jr’s predecessor, US access to the Philippines Clark Air and Subic Bay Naval Bases on foreign soil was in doubt given Duterte’s favourable outlook on Chinese relations. However, the current president has shifted in the opposite direction, by improving relations with Washington to push back against Chinese efforts to force the Philippines out of its territorial claims. Perhaps the US is also shifting its tactics in this case by forming a matrix of alliances compared to its traditional method of being the epicentre of a series of bilateral relations with foreign states? 

The trilateral US-Japan-Philippines relationship is not the only faction threatening Chinese interests these days as the US, Japan and South Korea have also enhanced their defence cooperation; Australia has established new defence ties with Japan, whilst the latter is strengthening security ties with the Southeast Asian thorn in the side of Beijing, that is Vietnam. 

Japan abandoning its pacifist past 

US partnership with Japan has long been central to Washington’s strategy in the Indo-Pacific, but the defence ties have expanded under Kishida, who has raised Japan’s profile in global and regional security by steering away from the pacifist constitution imposed on it by the US in the aftermath of World War II, to boost defence spending to, what recent statistics indicate to be, 2% of its GDP by 2027. 

The Japanese prime minister is currently facing low approval ratings. However, regardless of recent Republican policies that have diminished the importance of defence and security treaties, any leadership shake-up in the upcoming US Presidential Election has not deterred Kishida from pursuing peace, stability, and prosperity across international borders as he has closely aligned with G7 nations in its position on Russia by backing Ukraine, whilst at the same time, being on the frontlines of North Korea’s weapons testing programme, alongside South Korea. 

An artificial Chinese response? 

The current Biden administration will likely view this new alliance approach as a method of withstanding potential leadership changes in leadership in the upcoming US Presidential Election in November. However, we have assessed that this will likely face serious challenges from cyber actors across the Far East.  

Beijing’s increasing interest in the Taiwan Strait will likely result in surging Beijing state actor operations throughout the period leading up the 60th Quadrennial Precedential Election as a potential conflict in the region could be influenced by Washington’s desires to preserve stability in the area. We have assessed that aggressive social media disinformation operations will likely target US businesses and government officials to shape the global information domain in favour of Chinese interests. These nation state-level offensive protocols will likely impact the technology sector with China demonstrating increasing levels of sophistication including the incorporation of generative artificial intelligence (AI) technologies, that would allow for scaled campaigns, resulting in social tensions and the erosion of confidence in US-based establishments. 

Impacted Western sectors 

As China inches closer to its intelligence gathering objectives, its state actors have pivoted to a more destructive posture by launching cyber-attacks, including a recent Volt Typhoon operation, against US-based critical national infrastructure and military assets in what we have assessed to be a pre-positioned attack against Western infrastructure as a precursor for any potential military conflicts with Washington and to disrupt communications between the US and its allies within East Asia, including Taiwan and Japan. This could potentially deter US military engagements by delaying US decision making, inducing societal panic, and interfering with the deployment of US forces. 

Although there are indications that China and the US desire to stabilise relations in order to avoid significant escalation, the existing tensions are highly unlikely to improve significantly in 2024 due to this entrenched rivalry and, as such, we have assessed that the majority of Beijing-aligned cyber efforts will be aimed towards the US and its allies in the West, as well as those within the Far East including Japan and South Korea. Sectors that should be on the lookout for these offensive efforts would be education, energy, finance, government, and healthcare, as well as the aerospace and defence verticals. 

Defence strategies 

Based on the attack chain that we have detected to have been incorporated by PRC-sponsored cyber forces, the Quorum Cyber Threat Intelligence team strongly recommends that organisations implement the following defensive measures to strengthen operational resilience: 

Initial Assessment 

• Assess the organisation’s current security posture and implement Cybersecurity Performance Goals (CPGs) to bolster resilience.  
• Establish a baseline normal host behaviour and user activity to detect anomalous activity on endpoints when reviewing logs. 

Mitigate Risk 

• Prioritise mitigation of Known Exploited Vulnerabilities (KEV)1, including the top Common Vulnerabilities and Exposures (CVEs) leveraged by PRC cyber actors since 20202.  
• Prioritise logging (e.g., command-line interface “CLI”) and close and/or monitor high-risk ports (e.g., Remote Desktop Protocol, Server Message Block, File Transfer Protocol, Trivial File Transfer Protocol, Secure Shell, and Web Distributed Authoring and Versioning).   
• Establish the principle of least privilege by isolating privileged administrator actions and locations to a manageable subset of locations, where effective baselines can be established3 

Learn more about how geopolitics and cyber security are connected

You can now sign up to the next edition of the Quorum Cyber Global Cyber Threat Series: Far East on 22nd May, where we will provide our intelligence assessments surrounding the developing cyber threats within the Far East and how this will likely impact the threat landscape and businesses across the industry spectrum in areas of the world such as the UK and the US. The brief will cover the following critical topics: 

• An analysis of Chinese state-aligned destructive cyber-attacks against the US and its allies  
• An exploration of Beijing-aligned intellectual property (IP) theft and espionage operations related to the ‘Made in China 2025’ and ‘Belt and Road Initiative’ projects 
• The cyber implications of China’s aggressive expansion into the Middle East 
• An examination of financially motivated cyber operations launched by North Korean state-aligned cyber forces 
• An analysis of the increasing threat posed by Vietnam-based cyber actors  
• A forecast on how the high-profile elections slated for 2024 will likely coincide with a surge in Chinese and North Korean cyber-attacks, reflecting the geopolitical landscape of the Far East. 

Threat Intelligence Outlook 2024 report 

The Quorum Cyber Threat Intelligence Outlook 2024 report provides a comprehensive breakdown on which offensive cyber operations will likely coincide with numerous major global events scheduled for 2024, such as presidential and national elections, as well as the Olympic Games in Paris. You can download the report for free today.