Operation Crimson Palace: Chinese Cyber Espionage in Southeast Asia

Chinese state-sponsored hacking and cyber espionage activities targeting governments in Southeast Asia have been ongoing since 2022, and they recently returned with new tools and new targets. Operation Crimson Palace was exposed in 2023 by the Sophos X-Ops Threat Hunting Team. Security researchers exposed a level of coordination between multiple threat actor groups that had not previously been seen. Three teams were identified and are thought to be working under the direction of the Chinese government. Their efforts go back as far as 2022 and focus on stealing secrets related to contentious regional conflicts, such as control of territory in the South China Sea.

Key Judgment 1. It is likely that Chinese espionage operations, such as Operation Crimson Palace, will continue to expand their targets within Southeast Asia.

Key Judgment 2. It is likely that coordinated cyber espionage operations, such as Operation Crimson Palace, will continue to increase in sophistication.

Key Judgment 3. It is likely that China continues to use state-sponsored hacking to gain strategic advantage in regional conflicts.


Allen P.
