SOCRadar® Cyber Intelligence Inc. | Top 5 Cyber Attacks in the Asia Pacific (APAC) in 2021


Dec 28, 2021

Top 5 Cyber Attacks in the Asia Pacific (APAC) in 2021

As the end of the year approaches, we continue to compile the year's prominent cyber security news by region. Home to four of the five largest populations globally, the Asia Pacific (APAC) has experienced exponential growth in financial technology and e-commerce, increasing demand for Internet and broadband services.

As IoT technologies spread and digital transformation quickens in APAC, the region has encountered an explosion of new cyber threats and vulnerabilities. Here, we gather the top 5 cyber attacks in APAC for 2021. 

1- Insurance Suffers From Ransomware 

Japanese-headquartered insurance firm Tokio Marine Group was the victim of a ransomware attack on its Singapore unit. Some of Tokio Marine Insurance Singapore’s (TMiS) private servers were targeted on July 31 and were isolated to stop further damage.

The insurer also verified that the ransomware attack affected the Singapore subsidiary only and that there was no damage to or effect on other group companies. The victim organization has taken information security safeguards so far and says it will make further efforts to keep customer data and confidential information protected.

2- China-linked APT Group Mustang Panda Targeting Indonesian Government   

Mustang Panda, a cyber-espionage threat group linked to China, has infiltrated the internal networks of at least ten Indonesian government departments and agencies. One of the allegedly targeted agencies is Badan Intelijen Negara (BIN), Indonesia’s primary intelligence service.

A PlugX malware C2 server (controlled by Mustang Panda) has been discovered communicating with systems hosted inside the networks of Indonesian government institutions. BIN, Indonesia’s national intelligence agency, denied that the Chinese state-sponsored hacking group had breached its networks. The agency is still looking into whether or not other federal agencies were impacted.

3- Another China-linked APT, Naikon, Attacks Military Organizations in Southeast Asia

China-linked APT Naikon has used a new backdoor in various cyber-espionage activities over the previous years. The victims of this operation have been identified as military organizations in Southeast Asia.

The malicious activity took place between June 2019 and March 2021. At the start of the operation, the threat actors employed the Aria-Body loader and Nebulae as the initial step of the attack. They added the RainyDay backdoor to their toolset starting in September 2020. The goals of this operation were cyber-espionage and data theft.

Naikon’s ongoing cyber-espionage campaign throughout the APAC region (Source: Securelist)

4- APAC Offices of Insurance Giant AXA Fall Victim to a Ransomware Attack

Avaddon, a well-known ransomware gang, targeted AXA, one of the world’s largest cyber insurance companies, with a ransomware attack.

The Avaddon ransomware organization claimed responsibility for the attack on its dark web site. The group claimed to have stolen three terabytes of data, including ID cards, passport copies, customer claims, reserved agreements, denied reimbursements, payments to customers, contracts and reports, customer IDs and scanned bank account papers, hospital and doctor accumulated material (private fraud investigation), and customer medical reports including HIV, hepatitis, and STDs.

The hackers have also threatened AXA Group with data leaks and DDoS attacks if their ransom demands are not paid.

5- Luxury Hotel Chain in Thailand Reports a Massive Data Breach

A deluxe hotel chain in Thailand has reported a data breach carried out by a notorious group of cybercriminals who have been behind a spate of attacks in recent weeks. The hacker group, which has targeted various Asian organizations in recent years, declined to comment on whether this was a ransomware attack but said they “essentially shut down their entire backend, which comprises five servers.”

The 200 GB digital index held records dating back ten years and contained the personal information of over 106 million international visitors. Full names, arrival dates, gender, passport numbers, and residency status were the details published in the publicly accessible database.
