
Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance

Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.

DARKReading

The US, Japan, and the Philippines reportedly will join forces in cybersecurity defense with a strategic cyber threat-sharing arrangement in the wake of rising attacks by China, North Korea, and Russia.

The initiative will launch during high-level talks among US President Joe Biden, Japanese Prime Minister Fumio Kishida, and Philippine President Ferdinand Marcos Jr. at a trilateral summit in Washington this week, according to the English-language version of the Nihon Keizai Shimbun. The cyber alliance comes on the heels of Volt Typhoon, a group of cyberattackers linked to China’s military, targeting critical infrastructure networks in the Philippines and US territories in the region.

Over the past three months, the number of cyberattack attempts against national government agencies in the Philippines has increased 20% week over week, according to data from Trend Micro shared with Dark Reading.

“Traditional US allies in Asia — Japan, Taiwan, Philippines — are of high interest to Chinese-aligned attackers,” says Robert McArdle, director of forward-looking threat research with the cybersecurity firm. “There has been an increase in tensions in the region recently as well as important political events including presidential elections that China maintains interest in.”

The cybersecurity concerns come as geopolitical tensions have ratcheted up in the region. China has expanded its military presence, especially with its claims to large sections of the South China Sea, as far away as 1,000 km from its mainland and encroaching on Philippines territory. The military buildup has been matched by increases in cyberattacks by Chinese state-sponsored actors, such as Mustang Panda, which compromised a Philippines government agency last year. The widespread Volt Typhoon attacks have claimed critical infrastructure networks in the Philippines, US, UK, and Australia.

Philippines at Risk

The dispute over the South China Sea comes at a time when the Philippines has seen significant growth in its technology development and business sectors and increased urbanization and Internet access, says Myla Pilao, director for technical marketing for Trend Micro, who works in the company’s Manila office.

“This growth path, [however], also presents challenges including service reliability, workforce skills shortages, and data/privacy management issues [that] make the Philippine ecosystem a more vulnerable target,” she says.

With greater reliance on the Internet and technology come greater cyber threats. Last May, Microsoft warned that Volt Typhoon, an advanced persistent threat (APT) group linked to China’s military, had infiltrated critical-infrastructure networks, possibly as a way to pre-position cyber-operations teams in foreign networks prior to an outbreak of hostilities.

Volt Typhoon is a severe threat to critical infrastructure in the region, raising the priority of information sharing, says Lisa J. Young, an APAC intelligence officer with the Financial Services Information Sharing and Analysis Center (FS-ISAC).

“This trilateral agreement specifically calls out cyber threats targeting critical infrastructure,” she says. “As the nature of warfare evolves, tactics increasingly incorporate an online element through cyber-attacks and mis- [or] disinformation campaigns, with an increasingly fragmented array of actors. Governments are working to adapt by incorporating both defensive and offensive cyber capabilities.”

US “Hunt Forward” Initiative

The cyber agreement with the Philippines is not a new strategy: The United States and Japan already entered into trilateral talks with South Korea in July and August, when the three governments agreed to consult on regional threats and share data on foreign information manipulation. Japan and South Korea also joined NATO’s Cooperative Cyber Defense Center of Excellence (CCDCOE) in 2018 and 2022, respectively, where allies regularly share cyber threat intelligence.

The trilateral agreements with South Korea and the Philippines are aligned with a part of the US strategy known as “Hunt Forward,” where the US Cyber Command deploys military cybersecurity specialists to allies to hunt for malicious cyber activity. So far, more than two dozen allies have hosted Hunt Forward teams, and their deployment will likely raise tensions, Jason Bartlett, a research associate in the Atlantic Council’s Energy, Economics, and Security for a New American Security group, said in an analysis in August.

“Incorporating ‘Hunt Forward’ operations within US cyber strategy with allies in the Indo-Pacific will most likely agitate already sensitive ties between Southeast Asia and China, but the United States needs to increase its cyber presence in the region due to its constant exposure to illicit cyber activity,” Bartlett said. “Numerous state-sponsored hackers, especially from North Korea, have operated from within Southeast Asia and other regions in the Indo-Pacific for years with little punitive backlash from local and national governments.”

The trilateral agreement tackles both cybercrime — especially from North Korea — and nation-state cyberattacks from China, Russia, and North Korea, and works towards isolating bad actors in China, says FS-ISAC’s Young.

“This joint framework among the US, Japan, and the Philippines is a step towards strengthening cyber defenses, mitigating potential attacks, and shoring up supply chains to reduce dependence on China,” she says. “Information sharing across the public and private sectors remains the best way to ensure collective protection of critical infrastructure sectors against the evolving threat landscape.”

About the Author(s)

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
