Taiwan Targeted In Espionage Campaign

Uploaded on 2024-07-02 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Chinese state-sponsored hackers have been targeting dozens of organisations in Taiwan, including universities, state agencies, electronics manufacturers and religious organisations, according to new research. At least 75 government, technology, and academic organisations across Taiwan have been targeted for reconnaissance as part of a cyber espionage operation.

The hacking group, known as RedJuliett, is likely interested in Taiwan’s economic policies and diplomatic relations with other countries, according to analysts from Recorded Future’s Insikt Group.

RedJuliett exploited vulnerabilities in Internet-facing appliances, such as firewalls and virtual private networks (VPNs), to compromise its targets, which included tech firms, government agencies and universities, Recorded Future said.

RedJuliett, also known as Flax Typhoon, was first identified by Microsoft in 2023 but has been active since mid-2021, predominantly targeting Taiwan.

“Microsoft has observed a distinctive pattern of malicious activity almost exclusively affecting organisations in Taiwan using techniques that could be easily reused in other operations outside the region and would benefit from broader industry visibility. Microsoft attributes this campaign to Flax Typhoon (overlaps with ETHEREAL PANDA), a nation-state actor based out of China,” according to Microsoft.

In another espionage campaign observed between December 2023 and April 2024 by Insikt Group, the group conducted reconnaissance or attempted exploitation of Taiwanese organisations, along with other targets in Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, Rwanda, Djibouti and the US.

In Taiwan, which faces ongoing sovereignty threats from China, the group shows an interest in technology companies, including those involved in the development of optoelectronics, facial recognition and semiconductors. The hackers' targets also include aerospace companies that have contracts with the Taiwanese military, computing industry associations and religious organisations.

RedJuliett is known for exploiting Internet-facing devices such as firewalls, load balancers, and enterprise VPNs for initial access

Like many other Chinese threat actors, the group is likely targeting vulnerabilities in these devices because they have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access, researchers said.

According to the Inskit report, RedJuliett likely operates from Fuzhou, the capital of Fujian province in China, which is relatively close to Taiwan. RedJuliett will “almost certainly” continue to conduct high-tempo cyber-espionage operations with a focus on Taiwanese technology, government, educational, and think tank organisations, according to Insikt Group.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” researchers added.

Attacks by RedJuliett have also successfully compromised two dozen entities around the world, including government organisations in Kenya, Laos, and Rwanda, during the same period, an analysis from Recorded Future's Insikt Group showed.

Image: Ideogram

You Might Also Read:

China Is Predicted To Expand Its Cyber Espionage Operations:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.