Taiwan Targeted In Espionage Campaign

Uploaded on 2024-07-02 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Chinese state-sponsored hackers have been targeting dozens of organisations in Taiwan, including universities, state agencies, electronics manufacturers and religious organisations, according to new  research. At least 75 government, technology, and academic organisations across Taiwan have been targeted for reconnaissance as part of a cyber espionage operation.

The hacking group, known as RedJuliett, is likely interested in Taiwan’s economic policies and diplomatic relations with other countries, according to analysts from Recorded Future’s Insikt Group.

RedJuliett exploited vulnerabilities in Internet-facing appliances, such as firewalls and virtual private networks (VPNs), to compromise its targets, which included tech firms, government agencies and universities, Recorded Future said.

RedJuliett, also known as Flax Typhoon, was first identified by Microsoft in 2023 but has been active since mid-2021, predominantly targeting Taiwan.

“Microsoft has observed a distinctive pattern of malicious activity almost exclusively affecting organisations in Taiwan using techniques that could be easily reused in other operations outside the region and would benefit from broader industry visibility. Microsoft attributes this campaign to Flax Typhoon (overlaps with ETHEREAL PANDA), a nation-state actor based out of China,” according to Microsoft.

In another espionage campaign observed between December 2023 and April 2024 by Insikt Group, the group conducted reconnaissance or attempted exploitation of Taiwanese organisations, along with other targets  in Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, Rwanda, Djibouti and the US.

In Taiwan, which faces ongoing sovereignty threats from China, the group shows an interest in technology companies, including those involved in the development of optoelectronics, facial recognition and semiconductors. The hackers' targets also include aerospace companies that have contracts with the Taiwanese military, computing industry associations and religious organisations.

RedJuliett is known for exploiting Internet-facing devices such as firewalls, load balancers, and enterprise VPNs for initial access

Like many other Chinese threat actors, the group is likely targeting vulnerabilities in these devices because they have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access, researchers said.

According to the Inskit report, RedJuliett likely operates from Fuzhou, the capital of Fujian province in China, which is relatively close to Taiwan.  RedJuliett will “almost certainly” continue to conduct high-tempo cyber-espionage operations with a focus on Taiwanese technology, government, educational, and think tank organisations, according to Insikt Group.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” researchers added.

Attacks by RedJuliett have also successfully compromised two dozen entities around the world, including government organisations in Kenya, Laos, and Rwanda, during the same period, an analysis from Recorded Future's Insikt Group showed.

Recorded Future     |     Microsoft     |     Al Jazeera     |     SC Media     |     The Hacker News   |   The Record    

Image: Ideogram

You Might Also Read: 

China Is Predicted To Expand Its Cyber Espionage Operations:  

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Preparing For A South China Sea Cyber Storm
Hacker Responsible For Wiper Malware Identified »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

National Cyber Directorate Israel

National Cyber Directorate Israel

The Israeli National Cyber Directorate provides incident handling services for civilian entities and critical infrastructures and works to increase national resilience against cyber threats.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

Elitery

Elitery

Elitery is an IT-managed service company that focuses on cloud and cybersecurity services.