A CYBERSECURITY firm has discovered that at least two legitimate software products, a PDF editor and an anti-virus solution, were used to deliver malware that could enable Chinese hackers to attack Philippine government systems.

Cyberint, an Israel-based leader in global threat intelligence with clients in the Philippines, said it has traced an increase in cyberattacks from China that has tracked the geopolitical tension in the South China Sea since August 2023.

The attackers come from Advanced Persistent Threat (APT) groups which Cyberint believes are state-sponsored and whose tooling is very sophisticated.

"We have been identifying an increase in communication and attempts by APT groups being sourced from China who are targeting various Asia-Pacific [APAC] entities and countries, with particular focus on Philippine government agencies in the past years," Gil Fromovitch, Cyberint vice president, told BusinessMirror.

One of the attackers is identified as the Mustang Panda Group, which is one of the most active Chinese APT groups.

"The group is believed to be affiliated with the Chinese government and has been linked to a number of cyberespionage campaigns targeting government entities, nonprofits, and other organizations in North America, Europe and Asia," a Cyberint confidential report obtained by BusinessMirror said.

Cyberint said it was able to monitor three Mustang Panda cyber espionage campaigns directed against the Philippine government.

"The campaigns utilized legitimate software such as Solid PDF Creator and SmadavProtect, an Indonesian antivirus solution, to execute malicious files onto target systems," the report said.

Fromovitch said the two programs were downloaded to laptops or desktop computers.

He explained that the APT group built a campaign that starts with any individual who downloads the malware-infected software.

"What they've done is they managed to put some kind of malicious code inside the PDF. When you download this utility, to just innocently open PDF files, what you actually have is harmful code on your machine.

"Each individual who downloaded the software will have the malicious code on their endpoint, collecting and sending its content to the Command and Control server. It's only a question of time until the malicious code will reach sensitive content, including files, personal and corporate credentials," he said.

"So if you download it, nothing happens. But if thousands of people download it, eventually it will reach thousands of people who have access to power, access to sensitive data," he said.

The APT attack was also devised in “a clever approach of cloaking the malware’s command and control communications to mimic legitimate Microsoft traffic,” the report added.
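The report does not say how the command and control traffic was made to look like Microsoft's. The following is an added example, not code from Cyberint or from the report, showing one check a defender can run over web-proxy logs for the general pattern: requests whose hostname claims a Microsoft domain but whose destination IP is outside the ranges the defender has confirmed belong to Microsoft, plus hostnames that merely contain "microsoft" without being under a Microsoft domain. The log format, the sample lines, and the trusted prefixes (documentation ranges used as placeholders) are all constructed for this example; in practice the prefixes would be loaded from Microsoft's published endpoint list.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Placeholder allowlist (documentation ranges). Replace with the prefixes you
# have confirmed belong to Microsoft; the example assumes these are "trusted".
TRUSTED_MS_PREFIXES = [
    ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")
]

# Domains that legitimately belong to Microsoft (assumed, non-exhaustive list).
MS_SUFFIXES = ("microsoft.com", "windowsupdate.com", "live.com", "office.com")

# Constructed proxy-log layout: ts src dst "METHOD URL PROTO" status "user-agent"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: \S+)?" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: one benign Microsoft request, one mismatch, one
# benign Live login, one lookalike domain, one unrelated site.
SAMPLE_LOGS = [
    '2023-08-14T09:12:01Z 10.0.5.21 203.0.113.10 "GET https://www.microsoft.com/en-us/ HTTP/1.1" 200 "Mozilla/5.0"',
    '2023-08-14T09:12:07Z 10.0.5.21 192.0.2.44 "POST https://update.microsoft.com/api/v1/check HTTP/1.1" 200 "Microsoft-Delivery-Optimization/10.0"',
    '2023-08-14T09:13:22Z 10.0.5.33 198.51.100.9 "GET https://login.live.com/ HTTP/1.1" 302 "Mozilla/5.0"',
    '2023-08-14T09:14:40Z 10.0.5.21 192.0.2.44 "POST https://microsoft-telemetry.example/upload HTTP/1.1" 200 "Microsoft-Delivery-Optimization/10.0"',
    '2023-08-14T09:15:02Z 10.0.5.40 93.184.216.34 "GET https://example.org/ HTTP/1.1" 200 "Mozilla/5.0"',
]


def looks_microsoft(host):
    """True when host is exactly one of MS_SUFFIXES or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in MS_SUFFIXES)


def in_trusted_range(ip):
    """True when the destination IP falls inside a trusted Microsoft prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_MS_PREFIXES)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["host"] = urlsplit(rec["url"]).hostname or ""
    return rec


def find_suspicious(lines):
    """Return records whose Microsoft-looking hostname is not backed by a trusted IP,
    or whose hostname imitates Microsoft without being under a Microsoft domain."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["host"].lower()
        reason = None
        if "microsoft" in host and not looks_microsoft(host):
            reason = "lookalike_domain"
        elif looks_microsoft(host) and not in_trusted_range(rec["dst"]):
            reason = "ip_mismatch"
        if reason:
            hits.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                         "host": rec["host"], "ua": rec["ua"], "reason": reason})
    return hits


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOGS):
        print(f'{h["ts"]} {h["src"]} -> {h["dst"]} host={h["host"]} reason={h["reason"]}')
```

The check is only as good as the allowlist: Microsoft's ranges change, CDN fronting can put genuine Microsoft hostnames on third-party IPs, and an attacker who controls DNS for a lookalike domain will pass the suffix test on a careless list. Treat a hit as a lead to pivot on (the source host, the user agent, the volume of POSTs) rather than a verdict.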

For five days in August 2023, Mustang Panda was able to "successfully infiltrate a government agency," the Cyberint report said.

BusinessMirror asked the Chinese Embassy in Manila to comment on the report but it has not replied as of press time.

Earlier, the Chinese Embassy scored some Philippine government officials for "maliciously speculating" and "groundless accusing" China of engaging in cyber attacks against the Philippine government. Linking China and the events in the South China Sea to the cyberattacks on Philippine government sites, it said, is "highly irresponsible."

"The Chinese government all along firmly opposes and cracks down on all forms of cyber attack in accordance with law, allows no country or individual to engage in cyber attack and other illegal activities on Chinese soil or using Chinese infrastructure," the Embassy said in a statement last month.

It said cybersecurity is a "global challenge that requires collective response from the international community."