Sydney Times

Why we block SINGAPORE - Chinese Hackers in Singapore Target Australian News Sites like Sydney Times

Written by Aksel Ritenis

This article was generated with Google Gemini AI / Posted Saturday 07 March, 2026

In recent years, cybersecurity experts and intelligence agencies have tracked a specific pattern of cyber operations that use infrastructure based in Singapore to target Australian entities.

While “Q Cloud” (Tencent Cloud) is a legitimate global service, threat actors frequently exploit its Singapore-based nodes to launch attacks, taking advantage of the city-state’s high-speed connectivity and its proximity to both China and Australia.

Here is an overview of how these operations are structured and their impact on Australian media.


The Infrastructure: Tencent Cloud in Singapore

Hackers often use Tencent Cloud (Q Cloud) at Singapore-based IP addresses as a “jumping-off point” or a proxy. This strategy provides several advantages for state-sponsored groups (such as APT40 or Salt Typhoon):

  • Geographic Obfuscation: By routing traffic through Singapore, hackers can bypass geo-blocking filters that might otherwise flag or block direct traffic from mainland China.

  • Low Latency: Singapore’s world-class digital infrastructure allows for high-speed data exfiltration and more effective DDoS (Distributed Denial of Service) attacks against Australian news servers.

  • Reputation Hijacking: Traffic from a major cloud provider like Tencent is often harder to distinguish from legitimate commercial traffic, allowing malicious activity to “blend in” with standard web requests.

Targeting Australian News Websites

News organizations are high-value targets because they act as the gatekeepers of public information. Attacks originating from Singapore-based Tencent IPs have focused on two main goals:

1. Disruptive Attacks (DDoS)

Massive surges of “bad requests” are directed at Australian news sites to knock them offline.

  • The Damage: During critical events, such as elections or regional summits, news sites have experienced significant slowdowns or complete outages, preventing the public from accessing verified information.

  • Technical Note: These attacks often utilize HTTP/2 and sophisticated botnets to overwhelm firewalls.

2. Strategic Espionage & Defacement

Beyond simple disruption, hackers seek to infiltrate the backend systems of media outlets.

  • Credential Theft: Using brute-force attacks on SSH ports, actors attempt to gain administrative access to news CMS (Content Management Systems).

  • Information Warfare: Once inside, the goal is often to steal sensitive contact lists of journalists and their sources or to prepare for “defacement,” where the hacker replaces a legitimate news story with propaganda or disinformation.
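The SSH brute-force pattern described above, seen from the defender's side, as an added example that is not part of the original article: a per-IP lockout threshold misses attempts spread across many rented cloud hosts, so this sketch also counts failed logins per provider network. The network labels, the prefixes (RFC 5737 documentation ranges standing in for real cloud prefixes) and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed watchlist: documentation ranges stand in for cloud-provider
# prefixes, which in practice come from the provider's published lists.
WATCHED_NETS = {
    "example-cloud-sg": ipaddress.ip_network("203.0.113.0/24"),
    "example-cloud-other": ipaddress.ip_network("198.51.100.0/24"),
}
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample of OpenSSH auth-log lines.
SAMPLE_LOG = """\
Mar  7 02:11:01 web1 sshd[811]: Failed password for root from 203.0.113.10 port 40122 ssh2
Mar  7 02:11:03 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.11 port 51514 ssh2
Mar  7 02:11:04 web1 sshd[813]: Failed password for root from 203.0.113.12 port 33870 ssh2
Mar  7 02:11:06 web1 sshd[814]: Failed password for invalid user editor from 203.0.113.10 port 40160 ssh2
Mar  7 02:11:07 web1 sshd[815]: Failed password for root from 203.0.113.13 port 45002 ssh2
Mar  7 02:11:09 web1 sshd[816]: Failed password for invalid user wp from 203.0.113.14 port 39444 ssh2
Mar  7 02:12:00 web1 sshd[817]: Accepted publickey for deploy from 192.0.2.5 port 50210 ssh2
Mar  7 02:12:30 web1 sshd[818]: Failed password for root from 192.0.2.77 port 41000 ssh2
Mar  7 02:13:10 web1 sshd[819]: Failed password for root from 198.51.100.9 port 42000 ssh2
"""

def summarize(log_text, net_threshold=5):
    """Return (failures per IP, watched networks at or above net_threshold)."""
    per_ip = defaultdict(int)
    per_net = defaultdict(lambda: {"failures": 0, "sources": set(), "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user, ip = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip lines whose source field is not a valid address
        per_ip[ip] += 1
        for label, net in WATCHED_NETS.items():
            if addr in net:
                stats = per_net[label]
                stats["failures"] += 1
                stats["sources"].add(ip)
                stats["users"].add(user)
    flagged = {k: v for k, v in per_net.items() if v["failures"] >= net_threshold}
    return dict(per_ip), flagged
```

On the sample, no single address exceeds two failures, yet the first watched network is flagged with six failures from five sources, which is the signal a per-IP rule would not raise.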

Notable Incident Trends (2024–2026)

Intelligence reports from the Australian Signals Directorate (ASD) and ASIO have highlighted an increase in these “hop-point” tactics:

  • Salt Typhoon Activity: This group has been linked to wide-scale probing of telecommunications and media infrastructure, often using Southeast Asian cloud servers to maintain a persistent presence in Australian networks.

  • ASEAN Summit Interference: In 2024 and 2025, cyber skirmishes spiked during regional summits in Melbourne, with much of the malicious traffic traced back to Tencent-NET-AP-CN addresses in Singapore.


Google Gemini AI - Note on Attribution: While the IP addresses are linked to Tencent, this does not necessarily mean Tencent is complicit. State-sponsored hackers frequently rent or hijack virtual private servers (VPS) within these cloud environments using stolen credentials or anonymous payments.

About the author

Aksel Ritenis

Publisher and Custodian of the Sydney Times
